We would like to see the ConfigMgr client endpoint protection aspect to be able to block read and/or write access to removable media and if need be admins able to password bypass. This is one aspect of 3rd party endpoint protection software that prevent companies form switching to ConfigMgr for endpoint protection.

When configuring exclusions and exceptions in WDAC or Exploit Guard via SCCM, whitelisting a path within a mapped network drive is non functional.

A Malware Detail button that actually links to actionable/useful information. The existing malware detail buttons link to pretty much blank malware detail pages on MS documentation sites. They are not useful. If you can't do the analysis, can you provide links to actual CVEs or other trusted sources?

After uninstalling the client, anti-malware policy settings remain in the version information area of Windows security.
SCCM CB 1902
Windows 10 1903

Setting location:
1. Run ms-settings:windowsdefender
2. Clieck on [Windows Security]
3. Click the "gear mark" in the lower left
4. Click the "Version information"
5. anti-malware policy settings remain

SCEP no longers scans PST files within Outlook 2003 or newer versions. Prior to this it had been working.

Create a report that shows "Top Sources of Attack" that displays the source ip address for malware attacks.

Currently the colours used in the Overall Status report don't match more standard "traffic lights (Green/Yellow/Red)" type colours. e.g. Currently red indicates definitions 3-7 days, Dark Blue defs older than 7 days. Installation Failed is blue, while a restart is Red. Essentially, it would be handy if the colours matched more closely to the criticality of the item they represent

Allow override an existing policy on Import. This makes it easier to develop new settings and bring it to production without having to give it a new name and create a new deployment.

When there is sensitive information disclosure risk, end users aren't authorized by my org to approve/deny sample submission, but disabling the feature entirely misses out on an important security insight.

Please make it possible to hide sample submission requests from end users - and instead send them to the Configuration Manager Console for IT admin approval; clients should hold onto the proposed sample data locally until submission is approved or denied.

Endpoint Protection - Monitoring mode only.

Sometimes, in first Endpoint Protection deploying in specific business sensetive networks, we need option to detect malwares and monitor only without any actions with malwares. If malware detected Endpoint Protection will only report to SCCM console and no other actions. SCCM administrator will decide what to do with the detected malicious objects, so as not to stop the business process if it is infected.

Instead of having organizations manually create shares and write custom scripted solutions for downloading the updates, have ConfigMgr natively be able to handle this.

ConfigMgr Site Settings:
- Define 1 or more network locations
- Define an update schedule for how often ConfigMgr will download new SCEP updates to those locations
- Optional settings - Define proxy information and service account

It would be awesome if it did this through a scheduled task so it could survive ConfigMgr services being down (primary/db, etc).

As of SCCM 1802 all Windows 10 devices show as managed in the SCCM console for Endpoint protection, even if those devices have another Antivirus product installed such Symantec Endpoint Protection.

While I'm all in favour of not requiring the SCEP client on Windows 10, devices where Windows Defender is disabled because another AV product is installed should not show as managed. This is just confusing and makes it hard to see how many devices are actually managed by SCCM.

Device Guard Application Whitelisting, being able to transistion from Audit to enforced without having to redeploy all applications. This would mean you could move from audit where you reinstall the apps and ensure you have compliance and won't break anything to enforced and if you experience some issues and need time to remediate you should be able to go back to audit to fix it. If this could then be enhanced so you can move to a new SCCM solution without extra configuration that would be very impressive.

In some cases, the naming is different in Intune, MDATP and ConfigManager, but in the background it is the same setting, this is not only for Defender, it is for all Defender tools, like expoit guard, Microsoft Active Protection Service (MAPS) and so one. That would be nice...

Be able to manage Controlled Folder Access on Windows Server 2019 from Microsoft Endpoint Configuration Manager

Please set an RBAC-Model for the Advanced Hunting Feature, like the RBAC-Model for Log Analytics.
This will give us more control, who can access the critical data from Advanced Hunting.

I do not see a way to add a hash to endpoint protection. We had malware recently that endpoint protection did not catch. We have the hash number but I didn't find a way in SCCM to add that.

This will be risk avoidance against well known attack vector while users still able to use USB ports for peripherals and mouse. Working from home/cafes made this threat more serious.
I am not asking for USB ports disablement but only the storage one as below.
HKLM : Key Local Machine > System > CurrentUserSet > Services > USBSTOR > 4

This is Windows 10 feature and to be enabled from Settings. It will impact Storage only while peripherals and mouse still work.

Please collect and provide logs for executed queries (timestamp, user, query, result, etc.) in Advanced Hunting, since it contains user activity data and could be used for tracking, etc.