Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. MVP-Allow an app through controlled folder access

    the endpoint protection should have a new malware policy that will allow a central management of the windows defender security center - ransomware protection - allow an app through controlled folder access, allowing the IT admin to add/remove controlled folder access (and maybe give the user access to add extra files whenever required, but allow the IT admin to decide)

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. The Defender (EP) messages in ConfigMgr should be accessible to a SIEM system

    at the moment all the AV messages are in ConfigMgr, but if there is an outbreak there is only one way, via mail about alerting in CM, or we can configure StatusMessage rules to start something. Can we have a option to grab that infos to a SIEM like sentinel to get faster response about an outbreak? We need also reporting (very slow) and other mechanism in ConfigMgr that are very slow, but alerts in this case should be faster, like CM-Pivot automation to send some info's directly to a SIEM system, to get more possibility's.

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. SCCM Client pane in control panel to display Windows defender policy

    Please provide the applicable windows defender application guard , etc policies in the sccm client properties like you already do for baselines . This makes it much easier for troubleshooting .

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Ask change the requirements of Endpoit Protection Point

    Ask change the requirements of Endpoit Protection Point. When we are installing Endpoit Protection Point the Windows Defener service should be started on the server. Because we are using a third-party anti-virus software, even if Windows Defener does not operate as an anti-virus software, we do not want to be configured to coexist multiple anti-virus.

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Don't display SCEP Malware Alerts in every User Session

    If you're using the SCEP Client on a RDS Server and Malware has been found, every User on this Server gets a Notification from SCEP.

    This really confuses many users and increases Service-Desk Calls, if you have Servers with for example more then 20 User Sessions.

    Because of this, we currently have no other choice then to hide the User Interface.

    It would be great if the Notification are only shown in the Session of the User, which triggered the Alert.

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. SCEP Marketing and Comparisons to Competition

    SCEP Marketing and Comparisons to Competition. For years I've been trying to get my account team to help us sell our security teams on the idea of switching to SCEP. To do that, we need material to help us market SCEP as a viable solution. We need to be able to compare features from our current vendor to SCEP. We need an objective look at what we gain versus what we give up if we move from our current solution. Unfortunately, it doesn't seem any of this exists.

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Wildcards can not be used when configuring Excluded Processes in Exclusion Settings in the anti-malware policy

    Wildcards can not be used when configuring Excluded Processes in Exclusion Settings in the anti-malware policy.
    Since it is judged as an invalid character string, please add a function so that it can be used.

    With Windows Defender alone, you can use wildcards for process exclusion.

    Use wildcards in the process exclusion list
    https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-process-exclusion-list

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add tab for Antimalware Policies on Collection view similar to Device view

    Although AM Policies are deployed to Collections just like Custom Client Settings, there isn't a tab to show you deployed AM Policies on collection console views.

    Bonus points: Look at Device view and Collection view tabs, and make the names congruent ("Custom Client Settings" vs. "Client Settings")

    Super Bonus Points: Resultant Set of Antimalware Polies view which has been suggested elsewhere for a long time (https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/10237263-add-a-view-for-resultant-set-of-policy-for-anti-ma
    and
    https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/8398638-policy-resultant-for-scep-policy-like-clients-sett)

    Super Extra Bonus Points: Resultant Set of Client Settings and Resultant Set of Antimalware Policies should clearly show what pages were set by what policy. (https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/14855388-resultant-set-of-client-settings-should-show-what)

    Thanks!

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add support for having an apostrophe in a directory name in SCEP Exclusion settings

    If a directory has an apostrophe in it (for example, C:\Program Files\Malwarebytes' Anti-Malware"), it is not possible to add an exclusion of the directory or a file in the directory as an error dialog states "The path contains one or more of the invalid characters." As it is possible to create a directory with an apostrophe in it, it should be possible to add the directory to the exclusion settings for SCEP.

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
1 2 3 4 6 Next →
  • Don't see your idea?

Feedback and Knowledge Base