Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.
If you require assisted support, please see https://aka.ms/cmcbsupport for more details.
-
about window 10 security
there is problem in windows 10 , the problem is your security . the security problem is " any one can rest your profile without make pin or password " and i have lost my all data from my documents .
and i am the biggest fan of my windows 10 .1 vote -
Have more than one post a year on the team blog.
One post in 2015.
2 posts in 2016.
None in 2017.
Last post over 12 months ago.
Not a Blog...1 vote -
I would like to request for an downloadable link to the latest SCEP Installer
I would like to request for an downloadable link to the latest SCEP Installer. I have a restricted environment that is not managed by config manager. We have SCEP running on over 200k clients, configured by GPO. These machines are deployed using images. To ensure the client is not required to download SCEP+SP1+definition updates, the intent is to pre-load the updated VHD/WIM with the latest version of SCEP, so that the server is not taxed with having to download those updates from WSUS.
1 vote -
SQL Server Reporting - Endpoint Protection
Unhide Endpoint Protection Reports (Default is hidden)
SQL Server Reporting Services > ConfigMgr_Site > Endpoint Protection (Now click Details view top right, select Endpoint Protection again) There is an Endpoint Protection - Hidden folder1 vote -
More details reports OOB and easily dashboard that can be easily customize for SCEP
Our security guys find that the OOB reports are not as details as let say Symantec Endpoint Protection Manager. Would love to see out of the box reports. Also, the Collection drop down list on the reports or console in relationship to SCEP does not work well with RBA. I have multiple I.T departments and I set up Collections for each sites for restriction where each site can only see their own collection. When in SCEP, the drop down collection list will show as empty.
1 vote -
Add IP addresses to SCEP Logs
In SCEP logs add the option to show the IP address in addition to the hostname.
This would be beneficial for SIEM tools as you can more easily correlate events between systems as some systems (routers for example) only use IPs and not hostnames
1 vote -
SCEP - support drive wildcards in exclusions
I am currently migrating exclusions from MacAfee where they can use drive exclusions. Because we can put something in c:\programfiles\programname or d:\programfiles\programname I have to exclude all paths that someone may put the application into. In MacAfee they can do **\programname\exclusion.
1 vote -
Defender realtime disable time limit
We're currently able to allow real time protection in Defender to be managed/disabled. It would be really nice if we could set a max time limit where it would re-enable itself if someone has disabled it.
1 vote -
Shorten Endpoint Protection column titles in results pane
In the SCCM Admin Console it would be nice to have shorter names for the column titles. Specifically the Endpoint Protection Definition columns.
I often setup Endpoint Protection Definition Last Version / Last Update Time/ Last Full Scan End Time
These take up a lot of room and require scrolling. It would be nice to abbreviate Endpoint Protection Definition to EP Def.
1 vote -
Unquarantining detected files through SCCM
People who have access to SCCM can perform multiple tasks (i.e. initiate a scan, reboot the host...), but can't unquarantine the detected file for file/malware analysis purposes. Being said, it is good if SCCM has the capability of unquarantining some or all quarantined files, zip them with a password and ships them over to some other location that the SCCM admin defined when setting this feature up. It is also good to allow auto unquarantine functionality (meaning, the process mentioned above automatically after each detection if the SCCM admin wants to)
1 vote -
Make "Manage TPM" in CM MBAM BitLocker HelpDesk Portal truely to manage TPM
With CM 1910 MBAM BitLocker upgrade, MBAM BitLocker Helpdesk portal (BitLocker Administration and Monitoring) is available. "Manage TPM" is list one of available option, however, if you take a close look, it is actually alterative to unlock machine.
It would be nice that "Manage TPM" indeed to have manage TPM actions, select a action and submit to act on the target machine, such as, clear TPM, reset TPM, etc.
The feature can be helpful to force a machine lockout at the next reboot in case there is a need and helpdesk professional can help.
1 vote -
bitlocker computer compliance
Bitlocker computer compliance report does not show the C: drive compliance information if there is an extra drive in the machine (D: for example)
1 vote -
Bitlocker exception for USB only
Currently with MBAM integration, the only exception is for the whole device to be excluded. We have certain USB devices (scanners/cameras/medical equipment) that is seen as USB mass storage and therefore encryption is required along with some users who have legitimit business reasons to not need to encrypt USB devices. We still require the HDD to be encrypted but allow the USB to be excluded.
We have our current GPO based bitlocker set with the USB encryption in a seperate policy so it can be excluded by devices in an AD group to allow these scenarios. Currently this prohibits moving…1 vote -
Deploy Microsoft Defender ATP Policy to user collection
It should be possible to deploy a Microsoft Defender ATP Policy to a User collection, not just a Device collection.
1 vote -
Enhance Web Content Reporting For Time of Day
When reporting it would be great to see time of day for activity. For example, I may care less about social media or YouTube usage in evenings on company equipment than during the day.
1 vote -
Add time based policys
For policies, especially related to content filtering, it would be great to have much more strict enforcement during business hours than during non-business hours on company equipment.
Alternately this would be a good tool to help enforce usage policies for hourly employees who should not be accessing certain equipment after business hours to ensure there are no labor law violations.
1 vote -
mbam 2016
Support MBAM Services on Windows Server 2016/2019 systems. We have Physical servers with TPM and bitlocked drives but are unable to leverage the MBAM client and policies on Server class operating systems.
1 vote -
Windows Defender Application Guard support for Enterprise PKI
When Application Guard is configured through Group Policy, Enterprise PKI roots can be imported into the Application Guard container, but this setting is not available directly in Configuration Manager.
Adding this setting to Configuration Manager would allow easier configuration, and also prevent having two places where Application Guard is configured.
1 vote -
"Endpoint protection Definition Update Date and Time" / "Antivirus Signature Update Date and Time" missing in the SCCM Defender Console
Post the Upgrade of SCCM version to 2010, We do not see "Endpoint protection Definition Update Date and Time" / "Antivirus Signature Update Date and Time" option and it is missing in the SCCM Defender Console.
With this option we used to measure our daily compliance, Though we have Signature versions, that it gets multiple release in a single day it is very difficult for us track with SIngature versions, rather we use the date and time of the signature gets downloaded and reported to the endpoints.
Without this option we are totally unable to perform any of our daily/weekly…1 vote -
Antivirus exception control gap
Since implementing antivirus exceptions are a control gap, please allow windows defender to optionally audit excluded directories in scheduled scans in an audit only mode.
1 vote
- Don't see your idea?