Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. DCOM errors in System event log when primary site contacts MP in untrusted forest

    Stop the DCOM 10028 errors on a Primary site server that FLOOD the System logs when the primary attempts to contact an MP in an untrusted domain\forest.

    I believe this a result of the order in which CM tries to authenticate to the MP - computer account then network service account - neither of which will work in an untrusted domain scenario. The connection eventual happens as expected using the Installation account. The DCOM errors are bogus errors that can consume a log file for no reason. Seems like some deeper error logging\checking is needed?

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  2. UWF and WCD integration would be an amazing addition for the educational space

    Unified Write Filter and Windows Configuration Designer profiles are both great tools, especially for customers in the education space. We often need to deploy many devices in a "Shared PC" configuration for classrooms, computer labs, etc. It would be amazing if these tools were integrated into SCCM to make deploying and managing them simpler.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  3. Task Sequences should optionally evaluate custom conditions for content download

    The ability to pre-download content for a task sequence, or when downloading all content locally before starting, can be limited by architecture and/or language but more flexibility is needed. Ideally, each step of the task sequence would have an option to have content downloads adhere to the condition defined in the options of the step. Conditional download can be can be achieved using the Download Package Content action but this requires the “download content locally when needed by the running task sequence” option. In disconnected scenarios, such as when using a VPN solution that doesn’t auto-connect, this is not the…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  4. Increase maximum certificate key length for client certs

    The current (1710) maximum key length for client authentication certificates is 2048 bits. Many security-conscious organizations standing up a new PKI in 2017-2018 would prefer a longer key length for all certificates. This requires that the organization lower their standards to utilize computer certificates for computer authentication.

    Reference: https://docs.microsoft.com/en-us/sccm/core/plan-design/network/pki-certificate-requirements

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  5. Filtered Client Push Instalation for Configuration Manager

    While we have this great feature called 'Client Push Installation for Configuration Manager client' and we can turn it on for 'Just Servers' or 'Just Desktops' It would be REALLY wonderful if we could specify a collection we DONT want automatic push to work for. There are certain devices that due to regulation just can't have the client installed. Sucks I can't turn the feature on because 1-5% of my environment can't have the client.

    I'm hoping that since we've already got that logic for clients we don't want to automatically upgrade that something like this might even be easy…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  6. Integrade Configure Manager Properties (Client) Behing Windows 10 new Settings

    Windows 10's legacy Control Panel will probably disappear in a future. How about to extend CM client to show CM properties behind new Win10 GUI?

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  7. Show last cycle completion time in control panel applet

    When an action is triggered in the Control Panel applet on clients, a vague message is displayed saying it will take several minutes to finish. Would like the applet to show last completion time (or 'Running') for each action, similar to how the Configurations (compliance) tab does.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  8. Check if system is excluded from auto client upgrade prior to starting the installation

    Currently when the Auto Client Upgrade is enabled on SCCM the clients will got through a couple of steps to do perform the installation. If a client is a member of the Excluded Devices Collection is checked during the CCMSETUP. For systems with the Unified Write Filter enabled this causes unwanted behavior due to the fact that SCCM disabled the UWF filter and forces a reboot, putting the system in a maintenance mode for about 20 minutes, locking users out.

    I would like to see that the SCCM Client checks if the system is a member of the excluded device…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  9. Show missing dependencies in Tasksequence instead of Reboot

    Show missing dependencies!

    Typically distribution errors (which occur automatically ******) lead to a well-known error in tasksequences:

    HRESULT=80040102
    Failed to resolve selected task sequence dependencies.
    Exiting with return code 0x80040102
    TS environment is not initialized

    OSD only shows "Preparing network connnections..." Then the WinPE tasksequence automatically reboots and boots the currently installed OS.

    Why can't you just show or list missing packages?!?! Or add a skip option? Even SMSTS.LOG isn't helpful...

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Be able to run several actions at once from Configuration Manager Client

    I would like there to be a option to run several actions at once from the SCCM Client. A checkbox for each actions and then a 'Run' button that executes the actions one by one. Either in the order you checked the boxes or by alphabetical.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  11. Before a task sequence starts with a deadline, Policy should first be updated again.

    Before a task sequence is executed, the client policy should first be updated again.

    This is especially the case if the task sequence has a deadline.

    Background information: A Task Sequence with a Deadline Is distributed to a notebook. The notebook gets this policy and knows when the deadline is. The notebook is not turned on after the deadline. In the meantime, the task sequence has been withdrawn (deleted) by an admin. The notebook does not notice this and starts to execute the task sequence at startup.

    This should be unbound by first updating the policy so that this task…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  12. Use Winrm to install SCCM Client

    Add the possibility to use Wirm so securely push the SCCM Client instead of use a connection to the admin$ share.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add the ability to cleanup all drivers not contained in a driver package.

    Currently there is no easy way to cleanup orphaned drivers. This feature would allow an administrator to easily clean up drivers that are no longer part of any driver packages.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  14. Boundary Priority

    Please make available we can set a Priority on Boundary, for example:

    Standard Boundary ist a AD-Site and use DP1 and a Boundary with special IP Subnet for staging clients in the same AD-Site, use a override for use DP2 only.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  15. Maintenance Window Reboot Process

    Consider 2 scenarios:

    A group of servers host an application that requires services to be stopped and disabled before a reboot is initiated, then once all servers are online and responding, the services should be set to automatic and started again.

    A group of servers related to a common application require an ordered reboot sequence. i.e. Update and reboot in this order: Server 1, Server 2, Server 3, Server 4. Simultaneous reboots are not supported, not recommended or cause issues with the application.

    What I propose is an addition to the “Maintenance Windows” tab of a device collection that would…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  16. Reboot required after client upgrade

    sometimes the client needs to be rebooted after an automatic client update. if you're not connected to the machine (ie server), once you connect a notification appears but if you open the software center (old and new) you will not see anything pending reboot (installation status is empty or does not have the information that anything is asking for reboot). it would be great to see under installation status that the client was upgraded and it the machine needs a reboot to complete the installation

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  17. Include seperate client push settings for workstations and servers

    We would like the ability to have seperate client push settings for Workstations vs Servers, specifically the ability to have seperate installation properties.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  18. One stop solution to remediate clients and their health in GUI

    One stop solution to remediate clients and their health in GUI

    If a new client depployment is failed, we have dig all the way into the root cause of every machine failed..If any client is having issues, we are always forced to check the logs etc... We are not sure where exactly the client stuck and for what reason. We need such a tool where we would be able to find what the issue probably is (or where it is stuck )by a simple glance on the machine.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  19. Ability to Control/Limit Wake-Up Proxy Candidates

    The nomination for Wake-Up proxies is fully automated.
    From testing, up to three devices per subnet will remain switched on (or in some cases start back up if a user shuts them down). This is not appropriate in cases where a small office may contain only 4 or 5 machines.
    Additionally, if a server is located at a particular site (DP for example), this should be the sole wake up candidate, due to the fact that the likelihood of that device shutting down is minimal.
    I propose changes to achieve the following:
    1) The ability to designate specific Wake-Up proxies …

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add Site to "Import computer information" wizard

    It is recommended to import computers on the primary site where they should be assigned to, not the CAS, because in some scenarios that causes issues. All administrative tasks should be available from the CAS. It would be great to add the ability to the "Import computer information" wizard to select a primary site (similar to the Client Push wizard). That would then import the computer information remotely on the primary.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base