Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Endpoint protection : Report for windows defender AV with definitions and With Cloud based protection

    In Windows 10 Creators Update, the Windows Defender AV client uploads suspicious files to the cloud protection service for rapid analysis.

    In SCCM, we can see al malxare detected by the traditionnal Windows defender AV (working with definition).
    Can we aad a report on malware (or suspicious files) detected by the Cloud protection service ?

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Rollback Definition

    Make it possible to rollback a Definition file on a granular level, individual computer, group of computers or all computers.

    From a business perspective we would need to be able to make the process easy to rollback to the prevous definition file. So adding this feature to the ConfigMgr Console would be very beneficial.

    The method of today is not realy desired where you have to use mpcmdrun command manually or scriptet.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Include all ASR Rules in Windows Defender Exploit Guard

    Some Attack Surface Reduction Rules are missing in the Windows Defender Exploit Guard settings.

    Please include the following Rules:
    Block Office communication application from creating child processes
    Block Adobe Reader from creating child processes
    Block persistence through WMI event subscription

    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support for Network Drives in WDAC and Exploit Guard

    When configuring exclusions and exceptions in WDAC or Exploit Guard via SCCM, whitelisting a path within a mapped network drive is non functional.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add all levels of "Sample Submission" to GUI

    In the client Policy for SCEP we have "Auto Sample Submission" turned on as the default. However this only works for some files that are suspicious. There are actually two other levels of Sample Submission that can only be obtained by changing registry values and pushing out these settings as a script via SCCM, or GPO. Would love to have these exposed through the GUI.

    Talking about these settings:

    Problem:
    SCEP is prompting for submission of suspicious files when in policy "Auto Sample Submissions" are enabled. Trying to find out why we are getting prompts.

    Resolution:
    I received and reviewed…

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Send sample collection requests for admin approval

    When there is sensitive information disclosure risk, end users aren't authorized by my org to approve/deny sample submission, but disabling the feature entirely misses out on an important security insight.

    Please make it possible to hide sample submission requests from end users - and instead send them to the Configuration Manager Console for IT admin approval; clients should hold onto the proposed sample data locally until submission is approved or denied.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. endpoint

    Allow override an existing policy on Import. This makes it easier to develop new settings and bring it to production without having to give it a new name and create a new deployment.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. can we have the Naming of Defender (EP) the same as in intune and MDATP

    In some cases, the naming is different in Intune, MDATP and ConfigManager, but in the background it is the same setting, this is not only for Defender, it is for all Defender tools, like expoit guard, Microsoft Active Protection Service (MAPS) and so one. That would be nice...

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. ConfigMgr Feature for Fully Managing SCEP UNC Update Location

    Instead of having organizations manually create shares and write custom scripted solutions for downloading the updates, have ConfigMgr natively be able to handle this.

    ConfigMgr Site Settings:
    - Define 1 or more network locations
    - Define an update schedule for how often ConfigMgr will download new SCEP updates to those locations
    - Optional settings - Define proxy information and service account

    It would be awesome if it did this through a scheduled task so it could survive ConfigMgr services being down (primary/db, etc).

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Endpoint Overall Status reports need colours changed

    Currently the colours used in the Overall Status report don't match more standard "traffic lights (Green/Yellow/Red)" type colours. e.g. Currently red indicates definitions 3-7 days, Dark Blue defs older than 7 days. Installation Failed is blue, while a restart is Red. Essentially, it would be handy if the colours matched more closely to the criticality of the item they represent

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Device Guard Application Whitelisting, transistion from Audit to enforced and back again.

    Device Guard Application Whitelisting, being able to transistion from Audit to enforced without having to redeploy all applications. This would mean you could move from audit where you reinstall the apps and ensure you have compliance and won't break anything to enforced and if you experience some issues and need time to remediate you should be able to go back to audit to fix it. If this could then be enhanced so you can move to a new SCCM solution without extra configuration that would be very impressive.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Support monitoring only for endpoint protection (no remediation)

    Endpoint Protection - Monitoring mode only.

    Sometimes, in first Endpoint Protection deploying in specific business sensetive networks, we need option to detect malwares and monitor only without any actions with malwares. If malware detected Endpoint Protection will only report to SCCM console and no other actions. SCCM administrator will decide what to do with the detected malicious objects, so as not to stop the business process if it is infected.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. After uninstalling the client, anti-malware policy settings remain in the version information area of Windows security

    After uninstalling the client, anti-malware policy settings remain in the version information area of Windows security.
    SCCM CB 1902
    Windows 10 1903

    Setting location:
    1. Run ms-settings:windowsdefender
    2. Clieck on [Windows Security]
    3. Click the "gear mark" in the lower left
    4. Click the "Version information"
    5. anti-malware policy settings remain

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. SCEP 2012 -Scanning PST files

    SCEP no longers scans PST files within Outlook 2003 or newer versions. Prior to this it had been working.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Endpoint Protection should ignore Windows 10 devices with Defender disabled by third party protection

    As of SCCM 1802 all Windows 10 devices show as managed in the SCCM console for Endpoint protection, even if those devices have another Antivirus product installed such Symantec Endpoint Protection.

    While I'm all in favour of not requiring the SCEP client on Windows 10, devices where Windows Defender is disabled because another AV product is installed should not show as managed. This is just confusing and makes it hard to see how many devices are actually managed by SCCM.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Create a report that shows "Top Sources of Attack" that displays the source ip address for malware attacks.

    Create a report that shows "Top Sources of Attack" that displays the source ip address for malware attacks.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Give full controll over Windows Defender Controlled Folder Access

    The default configuration in Windows defender controlled access folder blocks folders like pictures, documents, desktop etc. and you can't turn it off. It was difficult to deploy applications so we decided to not use this feature anymore and it's a shame because it's a such a great idea. We would like to have an option to disable this default behavior. At our company We want only to protect network drives/folders and don't care about pictures folders etc.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. 2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Tool for determining required registry changes

    In the case of patches (Spectre being one example) that may require extra registry key changes in order to be fully secure from threats, currently the only way to scan an environment for missing changes is using a tool such as Nessus. There should be a way to manage any required changes of this sort that isn't included in rollups within SCCM. I was recently made aware of a change that accompanied MS15-124, an update from December 2015. Even though that patch has been superseded and or rolled up many times over since then, the Microsoft Premier SCCM support team…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Make Windows Defender ATP dashboard: clickable

    When I view the dashboard for Windows Defender ATP I can see onboarding status % and agent health but cannot click on the pie chart nothing happens. It would be great if I can see list of machines for each status

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base