Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, seeĀ https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Easier / Simplified Creation of Custom Roles from the Console

    Currently, if we want to delegate additional/certain permissions that are above what a group has, we must choose a higher role with more permissions and roll them back to the achieve a desired set. Example: the new Scripts feature adds the permission to the Operations Admin and Full Admin roles. If we want to add that role to a Desktop engineer group, we must copy the Operations Admin group and roll back permissions to the desired level. It would be much more desirable to have this ability to right click and create a new role and then add permissions versusā€¦

    26 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Create a new option in RBAC that disallows a user from modifying ONLY a maintenance window, but allows for other device collection changes.

    Currently if you disable the modification of settings in a device collection through RBAC, you cannot modify ANY settings. I wish there was a way to only disallow the modification of Maintenance Windows.

    24 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Include the Reports Viewer Role out of the box

    Why not automatically include a reports viewer security role out of the box with CM? As a consultant I install CM from scratch regularly and always have to add this role manually as every customer wants it.

    Brian Mason and Kent Agerlund give examples here:
    http://www.mnscug.org/blogs/brian-mason/162-report-user-role
    http://blog.coretech.dk/kea/creating-the-reporting-user-role-in-configmgr-2012/

    15 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Importing a new device with variables doesn't work if you don't have access to ALL devices\ All Systems Collection

    We have RBAC implemented such that console users do not have read permission to the All System collection. Instead, we have delegated collections of devices to which they can admin, using a query rule to include device objects created matching certain criteria (name starts with some defined value, no client registered, created via manual machine entry, CAS site code). The issue is that when using the computer import wizard and selecting to use a CSV for bulk import, the wizard crashes with a permission error when defining device variables. The wizard succeeds only if the devices are imported ignoring theā€¦

    15 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. ability to security scope phased deployments

    phased deployments for task sequences, applications, and software updates are great BUT only work for users who have the ALL security scope applied to them. we offer sccm as a service to multiple groups using RBA and they all have their own security group. as such, we are unable to offer the phased deployments feature in sccm to our customers.

    13 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Elevated Access - Delete Collections

    Full Administrators should have the ability to delete collections no matter what roles are assigned. Currently in our environment we have multiple roles that have access to various collections and once a collection is created it cannot be deleted unless it is removed from a large number of roles.

    Request to have the ability to delete with confirmation, this will remove the collection (if empty) no matter what assignments are set on it.

    9 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Separate sections for boundary group preferred site systems or select the role the site system will provide for group

    We can assign MP, DP, and SUP to a boundary group as a client preference, but this is all within one section. It would be nice to have this broken up into the roles so we can assign accordingly. If you have servers with multiple roles you may not want clients using every role. If I have Server1 with the MP and DP role in one region and Server2 in another region with just MP. I have a boundary group set to use Server2 for MP and another server for a DP. Server2 goes down and I need to setā€¦

    7 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Create JEA templates for diffrent SCCM roles

    Just Enough Administrator (JEA https://msdn.microsoft.com/en-us/library/dn896648.aspx) is something that would increase security and enable support personell to troubleshoot SCCM on clients/server without giving them full administrator rights.

    Maybe you could provide JEA templates that match the diffrent RBAC roles in SCCM.

    For example a JEA Patch Admin template could allow the following:
    - Read SCCM logs
    - Read Windowsupdate.log
    - Restart the Windows Update service
    - Read WMI related to Updates
    - and so on.

    Providing templates like this would simplify the process of getting started with JEA. It would be even better if MS could provide templates for otherā€¦

    7 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Configuration manager service Account Management

    Hi All,

    It very difficult to manage the password of service accounts in different place in Configuration for different options, like Domain join, network access, client installation. Because we need to input every time when we configure the settings. Instead of this, we have centeral control management of user name or service account and password management, so it will reflect in all components once the they select the user name.

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Inventoried Software Device Targeting

    Under Asset Intelligence>Inventoried Software, it would be nice to be able to target collection of devices here.

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. To deploy a compliance policy, user's security role needs Modify permissions on Site

    For users assigned custom RBAC roles. They're unable to deploy compliance policies - with permissions Site - modify - No
    The operation fails with error "You do not have security rights to perform this operation"
    The security role needs to have Site - modify - Yes.
    Customer claims prior to 1710, this was possible.
    Other deployments like applications, packages are working with Site - modify - No

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Maintenance Windows - Allow to multi select instead of one feature

    Allow to have maintenance windows apply to multiple features and not just for one specific feature (or for everything).

    A multi select dropdown would be great!

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Ability to provision gMSA as an Administrative User

    As of CB 1702, we can provision AD Users or Groups as administrative users in SCCM. However, gMSAs (Group Managed Service Accounts) can't be directly provisioned - though you can work around that by creating an AD group with the gMSA as a member and provisioning that group in SCCM.

    It'd be helpful if we could directly provision gMSAs in SCCM; I don't see any reason why this shouldn't be allowed.

    Thanks

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. effective permissions

    Provide the ability to see the effective permission of an administrative user in the security node. This can be similar to the effective policies for client settings. The RBA viewer provides the show me information but you are not able to pick an administrative user and see what all their inherited permissions are in the console.

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Option to schedule in-console update

    Hey. It would be so nice to be able to schedule updates to sccm from the Updates and Servicing node in the console.

    Any chance?

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Support Scale Out File Server

    Currently SCCM doesnt support SQL Databases stored on a Scale Out File Server. The installation will error out when it queries WMI on the SQL Server, also queries embedded inside of hman.dll will cause errors as it expects to find a drive letter rather than a UNC path.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Secure Credential/secret variable Resource

    Add a secure credential/secret variable resource to pass secure variables to task sequence steps and application command lines.

    For instance, this would be useful to securely storing and passing a BIOS password for securing, configuring, and upgrading BIOS.

    Additionally, this could be used for authentication tokens or specifying an alternate user context in a script.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Run Task Sequence Step - Enhancements

    Make the Run Task Sequence Step icon a different in some way (different shape, different color, etc) to make it stand out. Also add the ability to open properties and edit the targeted TS from the parent TS.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. RBA Role Prompt when launching console

    Many of the other System Center products allow a single user account to have many different roles assigned, and instead of merging them like Configuration Manager does, they prompt at login which role should be applied. This allows an admin for example, to have one account that they can manage all workstations, but then reopen the same console and choose a different role to manage all servers. This would solve many issues that come up when dealing with scoping issues where an object that was created do not have the correct scopes applied. It will also address a concern thatā€¦

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Improvements for search functionality

    When searching, allow multiple "AND" filters on the same criterion. For example, when viewing All Windows 10 Updates in Windows 10 Servicing, I'm currently seeing 798 items. I can filter by language to reduce that, but I'd also like to filter on the title multiple times to exclude editions such as 'Education N', 'Pro N' and 'Team' but I can't because when I add a second Title filter, it automatically puts an "OR" operation next to it.

    Also, when searching for objects like Collections or Apps in a large sub-folder structure, would it be possible to include a column inā€¦

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base