Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Improve the usability of Compliance Settings

    When I first looked at Compliance Settings I could not get my head around how it worked. I believe I understand it now but it could be made easier.

    One useful feature would be the inclusion of using admx or existing GPOs to ensure AD compliance is working or apply settings over multiple domains / workgroup system. The Security Compliance Manager has some of these features but only for Microsoft related products with security configuration.

    7 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  2 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Display all Actions in software center under actions tab.

    Display all Actions in software center under actions tab.

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Allow folders under Global Conditions

    Allow folders to be created under Global Conditions to allow for better organization with in the console.

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Report on Local Admin Permissions

    For many years now Microsoft has strongly recommended that Local Admin Rights be removed. Would it be possible to have SCCM report on the contents of the Local Administrators group? Also, could we maybe have a wizard under Compliance Settings to configure these settings. I know Sherry Kissenger from MNSCUG has done a lot of work with this. Maybe the product team could pattern the solution after her work.

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. DCM - Expand the Compliance Rules so that they can return Values

    Expand the capabilities of the Compliance rules so that I can collect the Registry Value optionally.

    Itā€™s great that we can tell if systems are compliant, but often we are Auditing Registry values and handing the data over to Security or other groups. Those other groups determine if the setting is compliant or not.

    Simply handing over a report that lists 10s of thousands of systems as not compliant is not enough...the next question that we are often asked is what are the Non-Compliant values.

    An additional check box to "Collect Values" would be very helpful and reduce allot ofā€¦

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  4 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Desired Configuration - Remediation Client Log

    Currently, there is no client logging when a Configuration Item is remediated. This is all that there is:

    1) An entry in CIAgent.log:
    "Invocation succeeded for policy platform job <GUID>"

    2) 2 entries in %PROGRAMFILES%\Microsoft Policy Platform\PolicyPlatformClient.log:
    "Starting job [<GUID>] with the following parameters"
    "Mode = Remediate, JobPriority = Foreground, PrincipalId = [SYSTEM], ScopeFilters = # filter[s]"

    The other other place that there's evidence of remediation are in the Baseline reports on the client and the SSRS reports on the server.

    None of these locations show any detail about when individual configuration items were remediated. I recently had to troubleshootā€¦

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. VLSC license counting and yearly even up

    A tool in Configuration Manager that will reconcile installed Microsoft products taken from inventory with what is licensed in VLSC to make the yearly even up process simple and accurate.

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Make it possible to use CMpivot queries (KQL) to create Compliance Settings.

    With the ability to use CMPivot queries (KQL) it would be easier to create Compliance Settings. You could use one language for multiple tasks.

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Add an option to execute a Task Sequence to remediate a Configuration Item instead of a script.

    We are using a Baseline to monitor a set of applications on a device, so that when we switch to a new baseline (new software) a device becomes non-compliant and then runs a Task Sequence to install the new application(s) and become compliant again (it's a long story and a customer requirement that we prove 100% that the correct software is installed.

    We use a Task Sequence to remediate the device as it needs to be done in a controlled manner and it would be nice if you could select and execute a task sequence rather than waiting for theā€¦

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Convert CI from Operating System type to Application Type

    It happens (quite often) when I'm creating a CI in the console that I blaze thru the wizard (accepting defaults) and start building out all my settings, rules, etc. When I'm all done, I close out and then realize that I forgot to configure the CI as an APPLICATION CI with a detection method.

    So now I have to delete my CI, and start all over from scratch. ANNOYING! I would love the ability to "convert" an Operating System CI type to an Application CI type and be able to go back in and add a detection method as appropriate.

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. devices compliance status on SUG - drill into non-compliant list/collection/query

    on the software update dashboard I want to monitor and pursue the non-compliant machines - I cannot see a way, as in other pie charts and other graphs in the various dashboards around the console, of drilling into the list of devices

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. deployment under software update groups

    I wish the deployments under Software Groups would show percent compliance

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Declare the CI settings better for iOS Kiosk Mode

    When I setup a Kiosk Configuration item, the Wizard show me, that I Am able to configure the Touch Screen. When I set it to dsiabled, the Touch Screen is working, on Enabled the Touch screen is not working.
    Or if you check the attached picture, with the Current Settings, the Volume Buttons are disabled on the Device.
    This is very misleading and should be corrected!

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Expand Compliance Settings for Conditional Access for SCCM Clients

    Settings management in ConfigMgr is very rich and extensible. However, there are only a few settings available for Conditional Access policy managed by the ConfigMgr client (Bitlocker, Software Updates compliance, Antimalware, and AAD reg). Expand the existing compliance settings feature set, to Conditional Access clients, to allow a more compreshensive compliance evaluation criteria and to provide remediation functionality.

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Non Compliance - Get Actual Value

    Hello,

    Can you add on the "Non-Compliant" tab the column "Actual Value"
    Because actually we need to click on each device to know this actual value ...

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. transcript

    I would like to turn off powershell transcripting in configuration item. If I run PS script in user mode (means "Run scripts by using the logged on user credentials" is enabled.) then it creates a folder under user's mydocuments folder. It is very annoying.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Allow all Compliance Settings to work on Co-Managed Devices

    Right now Configuration Baselines have the option "Always apply this baseline even for co-managed clients". This is great as our journey to Modern Management and Intune will likely take several years and our investment in on-prem ConfigMgr is significant.

    It would be very useful if this option could apply to other Compliance Settings which cannot be added to a baseline. One example is Company Resource Access -> Wi-Fi Profiles. Right now, co-managed devices will ignore Wi-Fi profiles deployed to them. This is limiting for those of us still getting started with Intune and Modern Management.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Import/use ADMX to create Compliance Settings

    Import or use ADMX Files to create compliance settings/items and us SCCM to deploy these Settings instead of active directory gpo

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Support Enabling Credential Guard via Compliance Settings

    Need to be able to enable/configure Credential Guard via Compliance Settings with per-collection deployments. Need to get compliance data reported back.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Deploy Application via Baseline Compliance

    Right now you can deploy a base line to see if system have all the require local apps. Would be nice if you allow the system to have remediation for the missing application, that is specify by the company. As of now the only thing you can have baseline auto fix is Registry value & Script (by running remediation script) & WQL Query. If it could auto and manually fix application that would be outstanding. I would allow it in these two ways, if the system detects it missing an app it auto deploys that package ID to itself (Checkā€¦

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base