Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Add "source IP" field in SCEP alert to indicate malware infection source for worms

    I suggest adding the “source IP” field to indicate where worm-like malware comes from, especially for the ransomware WannaCrypt.

    We know that WannaCrypt exploits a vulnerability in SMBv1 to spread as a worm, so in such scenarios, if the detection alert could have an attribute showing which source computer exploits the vulnerability and drops the malware payload, that would be a great help to customers locating the source computer. This applies to other worms.

    Expected detection from 3rd party AM product

    === Event Details ===
    Event ID: 147613895128
    Start Time: 21 Sep 2017 10:25:47 CST
    End Time: 21 Sep 2017 10:25:47…

    7 votes
    0 comments  ·  Endpoint Protection
  2. Please Fix SCEP reports

    Hi all,

    I found two strange things in the 'Antimalware overall status and history' SCEP report.

    The first (Overall Endpoint Protection status and history part):
    (q1a.png, q1b.png, q1c.png included)
    The problem is that when the daily data goes to the historical table, the ‘inactive’ and the ‘not installed’ counters will be the same. For instance, if I have 50 inactive clients, they will be represented as 50 ‘not installed’ too. Our customer was nervous about this statistic, because no machine can go into the production network without SCEP, but they see lots of ‘not installed’ in

    7 votes
    2 comments  ·  Endpoint Protection
  3. Support for uninstall password for 3rd party enterprise antivirus.

    Support for uninstall password for 3rd party enterprise antivirus.
    Symantec especially, but the more support the better.
    This would help tremendously with migrations to Endpoint Protection.

    6 votes
    0 comments  ·  Endpoint Protection
  4. Give full control over Windows Defender Controlled Folder Access

    The default configuration in Windows Defender controlled access folder blocks folders like Pictures, Documents, Desktop etc. and you can't turn it off. It was difficult to deploy applications, so we decided not to use this feature anymore, and it's a shame because it's such a great idea. We would like to have an option to disable this default behavior. At our company we only want to protect network drives/folders and don't care about pictures folders etc.

    6 votes
    0 comments  ·  Endpoint Protection
  5. Implement RBAC control settings for BitLocker management

    Currently only a Full Administrator can create or deploy a BitLocker management policy. Please enable these rights to be delegated.

    6 votes
    0 comments  ·  Endpoint Protection
  6. Please include the option to include MONTHLY FULL scans on systems.

    Currently we do not have the option to configure monthly full virus scans on our servers. Daily quick or full scans on hundreds of servers is not a very optimal solution.

    6 votes
    0 comments  ·  Endpoint Protection
  7. SCEP/Endpoint Allow Custom Threat List

    SCEP/Endpoint Protection should allow admins to add custom file names, folders, or extensions as a threat. This would be very helpful with zero-day vulnerabilities.

    6 votes
    0 comments  ·  Endpoint Protection
  8. 6 votes
    0 comments  ·  Endpoint Protection
  9. Windows Defender Application Control - Specify Base Policy when creating Policies

    When SCCM is applying the policy, it creates 2 XMLs in C:\windows\CCM\DeviceGuard and uses a Windows template in C:\Windows\Schemas\Codeintegrity\ExamplePolicies

    This means that Rules already applied are not replicated when SCCM overwrites the current sipolicy.p7b (tested with before and after - some publisher rules were missing)

    My suggestion is to allow users to specify an additional xml to be merged with the 3 aforementioned xml files essentially allowing for custom rules to be replicated in the policy.

    6 votes
    0 comments  ·  Endpoint Protection
  10. Add the possibility to configure a Quick/Full Scan if the client is infected.

    Some malware reproduces itself in various files.
    For us a Quick/Full Scan if the Client is infected would be great.

    Option:
    If the Client was infected within "X" Hours/Days, run a "Quick/Full" Scan and create a report

    5 votes
    0 comments  ·  Endpoint Protection
  11. delete from quarantine

    To remove malware from clients I have to log into each client, go into the history and delete the infection from there? I'm really surprised I cannot do this from the SCCM console.

    5 votes
    0 comments  ·  Endpoint Protection
  12. Add a view for Resultant Set of Policy for Anti-Malware, in a similar fashion to that for Client Settings

    Add a view for Resultant Set of Policy for Anti-Malware, in a similar fashion to that for Client Settings in the Devices / Device Collections node.

    5 votes
    2 comments  ·  Endpoint Protection
  13. Make Windows Defender ATP dashboard: clickable

    When I view the dashboard for Windows Defender ATP I can see onboarding status % and agent health, but I cannot click on the pie chart; nothing happens. It would be great if I could see a list of machines for each status.

    5 votes
    1 comment  ·  Endpoint Protection
  14. EMET deployment and reporting in SCCM as Endpoint Protection is done

    Get EMET in SCCM 2016 to be deployed, managed and reported on.

    5 votes
    0 comments  ·  Endpoint Protection
  15. Disable 'Scan Now' for Users

    I would like to have a possibility to disable the 'Scan Now' button (System Center Endpoint Protection) for example on RDS environments.
    I would like to prevent that multiple users start a Full Scan during office hours.
    Using System Center 2012 R2 Configuration Manager or by GPO.

    5 votes
    0 comments  ·  Endpoint Protection
  16. Block read and/or write of removable media (USB, CD, etc.)

    We would like to see the ConfigMgr client endpoint protection aspect be able to block read and/or write access to removable media and, if need be, admins able to bypass with a password. This is one aspect of 3rd party endpoint protection software that prevents companies from switching to ConfigMgr for endpoint protection.

    4 votes
    0 comments  ·  Endpoint Protection
  17. Bitlocker exception for USB only

    Currently with MBAM integration, the only exception is for the whole device to be excluded. We have certain USB devices (scanners/cameras/medical equipment) that are seen as USB mass storage, and therefore encryption is required, along with some users who have legitimate business reasons to not need to encrypt USB devices. We still require the HDD to be encrypted but allow the USB to be excluded.
    We have our current GPO-based BitLocker set with the USB encryption in a separate policy so it can be excluded by devices in an AD group to allow these scenarios. Currently this prohibits moving…

    4 votes
    1 comment  ·  Endpoint Protection
  18. Malware Detail buttons that link to useful information

    A Malware Detail button that actually links to actionable/useful information. The existing malware detail buttons link to pretty much blank malware detail pages on MS documentation sites. They are not useful. If you can't do the analysis, can you provide links to actual CVEs or other trusted sources?

    4 votes
    0 comments  ·  Endpoint Protection
  19. Rollback Definition

    Make it possible to rollback a Definition file on a granular level, individual computer, group of computers or all computers.

    From a business perspective we would need to be able to make the process of rolling back to the previous definition file easy. So adding this feature to the ConfigMgr Console would be very beneficial.

    Today's method is not really desirable, where you have to use the mpcmdrun command manually or scripted.

    4 votes
    0 comments  ·  Endpoint Protection
  20. Support for Network Drives in WDAC and Exploit Guard

    When configuring exclusions and exceptions in WDAC or Exploit Guard via SCCM, whitelisting a path within a mapped network drive is non-functional.

    4 votes
    0 comments  ·  Endpoint Protection