Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Defender realtime disable time limit

    We're currently able to allow real time protection in Defender to be managed/disabled. It would be really nice if we could set a max time limit where it would re-enable itself if someone has disabled it.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Shorten Endpoint Protection column titles in results pane

    In the SCCM Admin Console it would be nice to have shorter names for the column titles. Specifically the Endpoint Protection Definition columns.

    I often setup Endpoint Protection Definition Last Version / Last Update Time/ Last Full Scan End Time

    These take up a lot of room and require scrolling. It would be nice to abbreviate Endpoint Protection Definition to EP Def.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Unquarantining detected files through SCCM

    People who have access to SCCM can perform multiple tasks (i.e. initiate a scan, reboot the host...), but can't unquarantine the detected file for file/malware analysis purposes. Being said, it is good if SCCM has the capability of unquarantining some or all quarantined files, zip them with a password and ships them over to some other location that the SCCM admin defined when setting this feature up. It is also good to allow auto unquarantine functionality (meaning, the process mentioned above automatically after each detection if the SCCM admin wants to)

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Automate client remediation with System Center Endpoint Protection

    Automate client actions with Endpoint Protection. When a alert is generated due to infection automatically scan the device (either quick or full) and then email on completion and/or status.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Make "Manage TPM" in CM MBAM BitLocker HelpDesk Portal truely to manage TPM

    With CM 1910 MBAM BitLocker upgrade, MBAM BitLocker Helpdesk portal (BitLocker Administration and Monitoring) is available. "Manage TPM" is list one of available option, however, if you take a close look, it is actually alterative to unlock machine.

    It would be nice that "Manage TPM" indeed to have manage TPM actions, select a action and submit to act on the target machine, such as, clear TPM, reset TPM, etc.

    The feature can be helpful to force a machine lockout at the next reboot in case there is a need and helpdesk professional can help.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. bitlocker computer compliance

    Bitlocker computer compliance report does not show the C: drive compliance information if there is an extra drive in the machine (D: for example)

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Deploy Microsoft Defender ATP Policy to user collection

    It should be possible to deploy a Microsoft Defender ATP Policy to a User collection, not just a Device collection.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Enhance Web Content Reporting For Time of Day

    When reporting it would be great to see time of day for activity. For example, I may care less about social media or YouTube usage in evenings on company equipment than during the day.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Add time based policys

    For policies, especially related to content filtering, it would be great to have much more strict enforcement during business hours than during non-business hours on company equipment.

    Alternately this would be a good tool to help enforce usage policies for hourly employees who should not be accessing certain equipment after business hours to ensure there are no labor law violations.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. mbam 2016

    Support MBAM Services on Windows Server 2016/2019 systems. We have Physical servers with TPM and bitlocked drives but are unable to leverage the MBAM client and policies on Server class operating systems.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. "Endpoint protection Definition Update Date and Time" / "Antivirus Signature Update Date and Time" missing in the SCCM Defender Console

    Post the Upgrade of SCCM version to 2010, We do not see "Endpoint protection Definition Update Date and Time" / "Antivirus Signature Update Date and Time" option and it is missing in the SCCM Defender Console.
    With this option we used to measure our daily compliance, Though we have Signature versions, that it gets multiple release in a single day it is very difficult for us track with SIngature versions, rather we use the date and time of the signature gets downloaded and reported to the endpoints.
    Without this option we are totally unable to perform any of our daily/weeklyā€¦

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Antivirus exception control gap

    Since implementing antivirus exceptions are a control gap, please allow windows defender to optionally audit excluded directories in scheduled scans in an audit only mode.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. ASR Rule "Block persistence through WMI event subscription" missing

    Windows Defender Exploit Guard - Include setting (which is available by intune or group policy)
    ASR Rule "Block persistence through WMI event subscription"

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. SCEP Marketing and Comparisons to Competition

    SCEP Marketing and Comparisons to Competition. For years I've been trying to get my account team to help us sell our security teams on the idea of switching to SCEP. To do that, we need material to help us market SCEP as a viable solution. We need to be able to compare features from our current vendor to SCEP. We need an objective look at what we gain versus what we give up if we move from our current solution. Unfortunately, it doesn't seem any of this exists.

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Add tab for Antimalware Policies on Collection view similar to Device view

    Although AM Policies are deployed to Collections just like Custom Client Settings, there isn't a tab to show you deployed AM Policies on collection console views.

    Bonus points: Look at Device view and Collection view tabs, and make the names congruent ("Custom Client Settings" vs. "Client Settings")

    Super Bonus Points: Resultant Set of Antimalware Polies view which has been suggested elsewhere for a long time (https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/10237263-add-a-view-for-resultant-set-of-policy-for-anti-ma
    and
    https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/8398638-policy-resultant-for-scep-policy-like-clients-sett)

    Super Extra Bonus Points: Resultant Set of Client Settings and Resultant Set of Antimalware Policies should clearly show what pages were set by what policy. (https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/14855388-resultant-set-of-client-settings-should-show-what)

    Thanks!

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Don't display SCEP Malware Alerts in every User Session

    If you're using the SCEP Client on a RDS Server and Malware has been found, every User on this Server gets a Notification from SCEP.

    This really confuses many users and increases Service-Desk Calls, if you have Servers with for example more then 20 User Sessions.

    Because of this, we currently have no other choice then to hide the User Interface.

    It would be great if the Notification are only shown in the Session of the User, which triggered the Alert.

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Add support for having an apostrophe in a directory name in SCEP Exclusion settings

    If a directory has an apostrophe in it (for example, C:\Program Files\Malwarebytes' Anti-Malware"), it is not possible to add an exclusion of the directory or a file in the directory as an error dialog states "The path contains one or more of the invalid characters." As it is possible to create a directory with an apostrophe in it, it should be possible to add the directory to the exclusion settings for SCEP.

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. security center (WDATP) data in console Like Endpoint Protection status

    I like to have the Data from the securitycenter.windows.com (WDATP) with all the new 1709 Defender features back in to the Console, we have the Endpoint Protection status in there, but It would be really nice to have all the exploit data visible in the console in the Monitoring / Security Workspace. also the possibility to Isolate Machines and so on. One Console for anything.

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. SCCM Client pane in control panel to display Windows defender policy

    Please provide the applicable windows defender application guard , etc policies in the sccm client properties like you already do for baselines . This makes it much easier for troubleshooting .

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. MVP-Allow an app through controlled folder access

    the endpoint protection should have a new malware policy that will allow a central management of the windows defender security center - ransomware protection - allow an app through controlled folder access, allowing the IT admin to add/remove controlled folder access (and maybe give the user access to add extra files whenever required, but allow the IT admin to decide)

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base