Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Check all SAN (Subject Alternative Name) entries for FQDN hostname or NETBIOS name when trying to validate a PKI certificate for Client Auth

    Currently, SCCM has a limitation by which it only checks the first entry in a client authentication PKI cert for the FQDN hostname or NETBIOS name. If the first entry does not include either of these, then even though the cert may still be valid, SCCM wont use it.

    For example, for systems we have that sit behind Network Load Balancers, the first entry in their PKI client authentication certs is normally the NLB VIP. While additional entries are present to include the system's FQDN hostname and NETBIOS names, SCCM won't check and therefore won't use the valid PKI cert.

    ā€¦

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Software installation notification

    It would be a great option in App builder to be able to create a custom message that the user would see explaining why a software package is being installed or uninstalled. It would need a method of keeping it on the screen until the user clicks OK..

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Check for an existing CCMexec service before ccmsetup.exe executes.

    Problem: On the client machine, CCMEXEC service is already running, the client is in a healthy state. Then a GPO or Client Push happens, ccmsetup.exe starts and breaks the client communication. The client ends up getting an error stating "another instance of ccmsetup.exe is already running".

    Question: Could you have ccmsetup.exe check for the ccmexec service and quit if the ccmexec service is running?

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Deploy certificate with the Client (like in Intune)

    Certificate would tie up the ConfigMgr Client to a specific site and would make connecting ConfigMgr Clients from the Internet easier with MP in Azure.

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Delegate Promote Pre-production Client

    In addition to the Modify and Read permissions on Update Packages class, add a third permission "Promote Pre-production Client" which can be delegated to a non-infra administrator.

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. _SMSTaskSequence Should look at largest Local Drive

    SMSTaskSequence designed to look at the largest drive but in the instances of Clusters, that largest drive could be a shared SAN. When the server reboots, it fails because it can not find the SMSTaskSequence content as it is on the other failover cluster. Understand we can use variable SMSTSLocalDataDriveĀ  but the product should be looking for largest local drive as that does make sense in case of a large task sequence deployment to have that content copied to the largest local drive.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Automatic approval of workgroup devices for certain collections

    If sccm is set to NOT auto approve workgroup devices it would be super if there was a function to auto approve devices added to certain collections. That way organizations could choose to auto approve certain machines based on collections and their membership rules instead of either auto approving ALL machines or NO machines.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Keep the CM client store current and secure

    A new client should never result in an unpatched machine. Can't we get a way to keep the redistributable files like Silverlight up to date at all times?

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Pre-Post Script to Client Install

    Allow a custom script Before & After client installation.

    Example Uses:
    - Install Windows Dedup feature, create vhds, mount vhdx as folder, dedup vhdx, reference vhdx folder as sccmcache directory.
    - Force policy collection evaluation, delay x minutes, force policy refresh.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Check for running .exe that need to be closed during "removals" and give the User the option to postpone

    Microsoft provided the ability to check for and close running applications during install operations. We would really like the ability to perform the same action during removals (and include a comment field to inform the user why these applications need to be closed).

    Example: Application X is currently running which halts the removal of application Y. It would be beneficial to detect these running applications, prompt the user to close (or force close after a set time), and allow the removal of application Y to continue.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Send Client removal notification to MP to toggle installed flag

    When a ConfigMgr client is removed from a computer the installed flag remains on Client=Yes, i.e. the real status is not being reflected in the console/database. Instead of relying on aging inventory and the "Clear install flag" maintenance task it would be much more transparent and efficient to send a heartbeat to the MP before the ConfigMgr client is removed to reset the install flag to Client=No. That way not only would the maintenance task be obsolete (there is still Delete Inactive Client Discovery Data to cleanup inactive computers), also a re-installation of the agent would be much faster thanā€¦

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Image Creation and MUI Integration builtin

    Please create a possibility to create new OS Image automatically without downloading auf importing the Image. Same for Upgrade packages . And we Need a Working Solution for MUI Installations. TS Variable UI Language in unattend File dont Work since 1607.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Delayed Membership Rules

    It would be useful to be able to add a new rule to a collection that does not take affect until a set time. For example, when a collection for software distribution has an advertisement associated to it, you might want to schedule another distribution by adding another collection that includes another group of devices. Right now we accomplish this by creating a new advertisement. It would be better if we could simply link a new collection specifying a date/time that the collection would become available to ingest the existing advertisement.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. ccmeval fails to correct missing or renamed ccmexec.exe

    If the ccmexec.exe is missing (ie Malware) the ccmeval is not able to remediate and it does not trigger a repair of the SMS Agent Host client

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Sccm client resets its policies and download new ones every couple of days

    Sccm client reset its policies and download new ones every couple of days, it should delete it's policies, inventory and then download new policies, perform inventory and perform a DDR. I currently have a script that does this via a scheduled task.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. FSP configuration on Clients

    I configured a Fallback Status Point on a test site and noticed illogical behavior.
    IntranetHostName Under HKEYLOCALMACHINE\SOFTWARE\Microsoft\CCM\FSP gets the new FSP, but Hostname doesnā€™t get this value. This is noted in LocationService.log every 25 hours ā€˜Updated FSP ā€¦ from AD to local. When I execute ccmsetup.exe on a machine both values get the new FSP.

    FSPStateMessage.log contains errors when HostName is not configured:
    Failed to create HTTP connection
    [CCMHTTP] ERROR: URL=HTTP:///SMSFSP/.smsfsp, Port=80, Options=480, Code=12005, Text=ERRORWINHTTPINVALID_URL
    Successfully queued event on HTTP/HTTPS failure for server '[]'.

    I presume the next message means the FSP Message gotā€¦

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. branch cache bandwidth throttle

    Would love to see Branch Cache client check on the subnet before downloading and only have one client download per subnet. Also an end to end bandwidth throttling. Want to have the ability to configure the throttling for the 24 hours a day. Needs to check periodically to verify if any change in the network so adjust the download speed if necessary. By allowing only one per subnet, this lowers the congestion on the network and allowing peer sharing.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Production Client Deployment dashboard displays duplicate records

    Production Client Deployment dashboard displays duplicate records especially for Not Compliant subset of discovered computers. It's confusing because it shows data which is not in line with the real client numbers. It seems like the report shows every state message reproted by the particular machine related with client installation. for some of them, there are more than one such message, so the machine comes up multiple time and the total count is wrong.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Full Support for client certificates using Elliptic Curve Cryptography

    A month ago, our server team updated client certs on all workstations to ECC certificates with sha-384 hash algorithms. This caused clients in my environment to stop communicating with my MP. Fortunately, this is only a test environment as we are still building Configuration Manager. Had this been production, this would have been a disaster. There is no official Microsoft documentation indicating this type of certificate is not supported, so neither my team nor the server team would have known. Please provide full support for these certificates in the next major release and update documentation.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Give the possibility to migrate installed applications from one Machine to another like USMT with profiles

    When a User gets a new Laptop he need to install all his software again. It would be great when it would be possible to collect the installed software who was installed via Software Center and redeploy them via the Variables in "Install Application" TS step

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base