Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.
If you require assisted support, please see https://aka.ms/cmcbsupport for more details.
-
3rd Party Patching - SCUP Integration with SCCM Console
Integrate the SCUP tool on to SCCM Admin Console. This will give a single pane of glass view for all patching activities (including importing 3rd party patches).
3,785 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
This is included in #SCCM 1806 – released today. More improvements coming.
-
Install Servicing Stack Updates Before Other Updates
Currently, when servicing stack updates and regular updates are deployed in the same software update group, the patches do not apply in a determinant order. This leads to cases where a cumulative update that requires a new servicing stack is installed before the servicing stack itself.
While this can be worked around by separately deploying the servicing stack update before updates that require said servicing stack, it would be much more convenient if the update installation process checked if there are any servicing stack updates to be deployed and automatically installed them first
1,672 votesSSUs will now be installed before other updates in the Configuration manager 2002 release, which is now released to the opt-in phase. You can opt-in and then download 2002 through their Admin Console now!
Blog: https://techcommunity.microsoft.com/t5/configuration-manager-blog/update-2002-for-microsoft-endpoint-configuration-manager-current/ba-p/1272670
Docs: https://docs.microsoft.com/configmgr/core/plan-design/changes/whats-new-in-version-2002
Support Information: https://aka.ms/cmcssreleaseinfo -
Install and Shutdown / Install and reboot with Software Updates
In Windows client, after receiving software updates from the SUP, I want you to be able to use the" install and reboot / shutdown and update" botton.
868 votescompleted ·AdminBob Mac Neill (Software Engineer, Microsoft Endpoint Configuration Manager) responded
Updating to complete. The feature was enabled in 1606 release and available in Windows 10.
The feature is not available in down-level OS’s. -
Using express installation files
Integration of the express installation files from WSUS
I think this is becoming mandatory with the size of updates of Windows 10.684 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
While express updates work in 1702, and improved with a update for 1702… the performance is drastically improved in ConfigMgr 1706 production release. This is faster whether or not using DO. Improvements are being considered for hotfix for 1702.
-
Revamp ConfigMgr's cluster patching, and remove it from PreRelease
Cluster patching feature was added in #SCCM CB 1602, but has been in prelease for a long time. It needs to:
1) Have improved/revamped UI
2) Remove dependency on collections
3) Orchestrate patching for any machines, not just servers/clusters
4) Remove the feature from prerelease679 votes -
Need WSUS Maintenance tasks
There should be a few built in maintenance tasks to go through and complete all the maintenance tasks that are needed for WSUS. I find having to run through these steps every month to be quite tedious requiring a lot of change control each month to get the maintenance work completed for WSUS.
Everything described in this article should be automatically done by CM: https://blogs.technet.microsoft.com/configurationmgr/2016/01/26/the-complete-guide-to-microsoft-wsus-and-configuration-manager-sup-maintenance/
615 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
Phase one of this has shipped. We will continue evolving this in the next SCCM release (1906), and will track progress in this item:
-
Preferred Software Update Points
Now that we have the option to define both Distribution Points and Management Points as preferred, it'd be terrific if we could have the same option for Software Update Points. It would make a strong case when designing a flat hierarchy.
604 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
With 1706, there is no much more control over SUPs and mapping to Boundary Groups. There is one more item left, which will allow control to failover (timeout) faster than 2 hours:
https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/20353357-give-more-granular-control-over-the-2-hour-sup-faiEverything else for this item is completed in 1706.
-
Automatically Publish Full Content for Third Party Software Updates
With the release of CB 1806 we are now able to publish third party updates using custom catalogs. Ideally, third party patches would function exactly like first party patches from an administration and automation perspective. Currently there's two main areas where this is not the case.
Synchronization Schedule:
I could be wrong on this but I believe that subscribed catalogs sync automatically every 24-hours. While that's nice, it would be great to simply integrate with the existing sync schedule. Sync the catalogs, publish relevant metadata to WSUS, then sync the SUP(s).Automatic Deployment Rules:
Currently, only update metadata is published…448 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
This can now work, in #configmgr 2002 production (available now); as long as the 3rd party catalogs are authored in V3 of the catalog schema, and the customer is setting ADR rules at the catagory level. At this time, both PatchMyPC and Dell are authoring and offering 3rd party catalogs. PatchMyPC has a great overview in how to configure this optimally.
-
Software Update Patch Tuesday Scheduling
It would be really great if when configuring an Automated Deployment Rule you could configure it to run based on the number of days / weeks since "patch Tuesday" (especially in countries other than the USA where "patch Tuesday" is actually a Wednesday and not necessarily the second Wednesday of each month). I currently get around this by having a script detect when patch Tuesday has passed and subsequently execute an ADR and create one or more deployments based on the number of weeks since that date. This works fine, but an in product solution would be better
369 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
This is shipped in the recently released #SCCM 1802 production release.
For more information
General Blog: https://cloudblogs.microsoft.com/enterprisemobility/?p=69422Docs: https://docs.microsoft.com/en-us/sccm/core/plan-design/changes/whats-new-in-version-1802
-
Change the maximum run time of cumulative updates to 30 minutes
With the new 'cumulative updates' model I think it would be a good idea to change the maximum run time of cumulative updates to 30 minutes (or whatever is best suited). I have noticed more timeout issues with patching in the last couple of months due to the default 10 minutes not being enough time to install 'X' patches as a single CU. This would be preferred to manually overriding them every month.
298 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
This is improved for win10 cumulative updates on ConfigMgr 1706. If the update size is bigger at import time; we will set a larger timeout.
-
Force clients to download updates from Microsoft update site.
With more and more people working from home these days, having the ability to specify in a Software Update Group deployment to force download from MS update site would be terrific. I'd still like those clients to download content for applications from the internal DP over VPN, but downloading monthly updates would be much quicker if you could force them to use internet instead of VPN.
272 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
This functionality just shipped in #configmgr 2010.
-
ADR New Search Criteria, Deployed = yes/no
I propose a new search criteria for ADR, to avoid multiple deployments for a single update. This is a pain to clean up afterwards.
222 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
This is shipped as part of #MemCM / #ConfigMgr 1910
-
Show Machines within Console that Require Updates
You know that "x" number of machines require this update. Would you please list the machines names below. Screenshot for what I would like.
191 votes -
Configure multiple deployments in an Automatic Deployment Rule
When creating Automatic Deployment rules, it would be useful to be able to configure multiple deployments.
You may for example want test, pilot and live deployments to different collections and possibly with different settings. It doesn't make sense to have to create different rules with the same updates criteria just for additional deployments.
The CM administrator may choose to have the additional deployments disabled to allow for testing, but enabling a deployment leaves less room for error, and is less administrative overhead than creating these additional deployments manually each time for pilot/live.
It would also be useful to have the…
181 votesThank you all for your comments and feedback!
This is complete and available in our 1511 release.
-
Wants to get display notifcation message in clients to close any opened Office 365 apps while updates installation started
In SCCM 1610 users are not displaying notification message in clients to close any Office 365 opened apps before Office updates installation started in "Software Center" and even we set forceappshutdown=False switch in Configuration.xml file for Office 365
161 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
This is completed in ConfigMgr 1706 production release, publically available soon.
-
Office 365 Required Updates in 1706 Should Not Force Applications to Close
We can not have production applications close automatically.
Revert back to having required Office 365 updates install at reboot by default and make the force closing of applications with optional display/postpone options a separate configurable option which can be selected per deployment (not client policy).137 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
We have phase 1 of the fix in #SCCM 1802 production build that was released today. It will now prompt them that it needs to be rebooted to be patched. We will take a second fix when SCCM & o365 can get a better experience.
-
Add 80072ee2 as a default code to the WSUS Scan Retry Error Codes
If a SUP/WSUS server is offline or in a disaster situation, clients should be allowed to failover to another SUP.
Currently if a SUP goes offline, clients simply will never scan again, and this is not an ideal situation.
103 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
This is shipped as part of #MemCM / #ConfigMgr 1910
-
When Expiring Updates based on Supersedence Rules also Decline them in WSUS
When SCCM expires updates based on the configured Supersedence Rules it only does so in SCCM, not WSUS. Additionally, SCCM does not approve updates in WSUS.
Because of these two facts the WSUS Cleanup Wizard will never decline superseded updates. They are neither expired (as they are in SCCM) nor are their superseding updates approved (a requirement for the WSUS Cleanup Wizard). This causes a bloated Update Catalog that can cause very real client issues. There are scripts available to handle this situation but this is the last mile issue in regards to WSUS maintenance. If the product declined the…95 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
This is fixed in #SCCM 1806.
-
Allow software update installation at shutdown
Everyone who knows WSUS misses the feature in ConfigMgr to allow the installation of software updates when the machine is shut down. This is being requested for a very long time now. For most businesses it's not the best approach to install updates only when a user is logged on. Of course the scenario changes with Windows 8 and 10, but it's still a valuable addition to the option a ConfigMgr admin should have.
89 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
This is implemented for win10 in SCCM 1606 Production
-
Add Option to Bypass Proxy for Local Address for ADR Content Downloads
It would be extremely helpful to have an option in the software update point site system to bypass a proxy for a local address. The only options today are (see Current-SUP-Proxy-Options.png):
- Use a proxy server when synchronizing
- Use a proxy server when downloading content by ADRs
The issue is when an ADR tries to download a third-party software update, it will attempt to use a proxy server and often fail because the proxy doesn't route correctly to the internal WSUS server. For example in patchdownloader.log, you will see something like <Download-Error-PatchDownloader.png>.
There needs to be an option to not use…
72 votescompleted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
Fixed in #configmgr 2002 production release, available now.
- Don't see your idea?