Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Security Scope for new Software Update Groups created by Automatic Deployment Rules

    When creating roles for software update managers, I would like them to only be able to manage software update groups specific to their responsibilities using security scopes. When SUG's are created by ADR's, they do not have a security scope applied. Ideally, the ADR itself and each SUG could have different security scopes.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Granular Client Notification Permissions

    Would it be possible to break out individual permissions for each of the "Client Notifications".

    When enabled, if I right-click a device or collection I get the usual selection of options, "Download computer policy", "Collect Hardware Inventory", etc. Those are fine, but the big one that caries a high degree of risk is "Restart"

    So rather than have a single option in [Security Role] -> [Collection] -> [Notify Resource]

    ...the "Notify Resource" is in it's own permission branch and each notification option can be enabled/disabled for that role.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. SCCM with multi boot selection, like mdt + wds

    Run 3rd party solutions from pxe ex: macrium, live cds ...

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support Scale Out File Server

    Currently SCCM doesnt support SQL Databases stored on a Scale Out File Server. The installation will error out when it queries WMI on the SQL Server, also queries embedded inside of hman.dll will cause errors as it expects to find a drive letter rather than a UNC path.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Secure Credential/secret variable Resource

    Add a secure credential/secret variable resource to pass secure variables to task sequence steps and application command lines.

    For instance, this would be useful to securely storing and passing a BIOS password for securing, configuring, and upgrading BIOS.

    Additionally, this could be used for authentication tokens or specifying an alternate user context in a script.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. RBA Role Prompt when launching console

    Many of the other System Center products allow a single user account to have many different roles assigned, and instead of merging them like Configuration Manager does, they prompt at login which role should be applied. This allows an admin for example, to have one account that they can manage all workstations, but then reopen the same console and choose a different role to manage all servers. This would solve many issues that come up when dealing with scoping issues where an object that was created do not have the correct scopes applied. It will also address a concern that…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. RBAC Based on Folder and not Limiting Collections

    RBAC based on folder would be more intuitive (because we all use it on OS levels).
    It would also simplify management and headache ,
    example :
    A company has 2 entities Contoso and Microsoft
    This Company do application's collection dedicated for each branches but also do application's collection for general use

    User A has a RBAC Limited on Contoso Users
    User B has a RBAC Limited on Microsoft Users

    I want User A to see all Contoso and General apps's collection

    Today impossible because General Apps's collecton are limited to ALL USERS and User A is limited to All Contoso…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Ability to Assign Wake on Lan to Security Scopes

    Currently to remotely wake up workstations, you have to have the default security scope applied to the user who needs to wake up the workstation. It would be great if you could use other security scopes as well.

    When an employee is remote and they accidentally turn off their computer, we have to send someone to physically turn it back on. We gave our help desk some permissions. If they could use wake on lan without having access to everything the default security scope provided, it would make things significantly easier.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Improvements for search functionality

    When searching, allow multiple "AND" filters on the same criterion. For example, when viewing All Windows 10 Updates in Windows 10 Servicing, I'm currently seeing 798 items. I can filter by language to reduce that, but I'd also like to filter on the title multiple times to exclude editions such as 'Education N', 'Pro N' and 'Team' but I can't because when I add a second Title filter, it automatically puts an "OR" operation next to it.

    Also, when searching for objects like Collections or Apps in a large sub-folder structure, would it be possible to include a column in…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Remove the requirement for 'modify' permissions for Phased Deployments

    The Phased Deployment functionality for Applications and Task Sequences require the 'modify' permission on each of the objects in order to be able to create a phased deployment. Software Update Groups, on the other hand, dont have this requirement. In a large distributed environment, the administrators who manage clients in collections and deploy content (Applications, Packages, Task Sequences, etc.) are not always allowed to create the Applications or Task Sequences. In our large PUBSEC customer, the application and TS authors are separate from the site level admins, but our site level admins would like to take advantage of phased deployments.…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Respect user communication preferences

    I updated my Microsoft communication preferences to stop all the emails from the ConfigMgr team as I could. I still get survey requests and such. Please stop spamming me.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add functionality to the “Set approval due date” item in the “Automatic approval” WSUS option

    Please add more detailed settings to the “Set approval due date” item in the “Automatic approval” WSUS option, such as the ability to freely set the timing of approvals, etc.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. ability to apply security scopes to deployments

    would be great if we could set security scopes on deployments. we offer sccm as a service to multiple groups using RBA. one group provides applications that can be viewed by all other groups. unfortunately they cannot see all of the deployments made from these applications as they only have visibility to their own devices/collections.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Make it possible to link Windows Update for Business with WSUS

    In an environment where clients are managed by WSUS, in cases where one wants to extend the application of critical update programs for a long time, Windows Update for Business can be used, but please make it possible to manage Windows Update for Business functionality using WSUS.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow Machine Auth for Admin Service RestfulAPI

    Allow machine authentication using API certs or other method to authenticate against the RestfulAPI service. This would allow scripts and tasks to query CM for dynamic lists of packages, applications, etc...

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Export any result from console queries

    I think It will be very usefull if we a way to export/print queries that we made in console, and not just from report or SQL query..

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. Shedule and Rate Limits Per Group

    It would be nice if we have shedule and rate limits per distribution group instead of having it configured by dp only. So a mix of both will be great having the group config superseding the dp one...

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Move RBAViewer into the console

    RBA Viewer has been overlooked for too long and offers a lot of great features over the admin console. Why not combine the features into the console?

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Compare custom security roles against built-in roles

    When looking at an SCCM site I am often presented with a bunch of custom security roles, I can check the permissions but actually it's really difficult to compare that role against the built-in roles to see what the difference is. A compare feature would be nice.
    Taking that one step further, it would be great to get a resultant set of policy type feature where I can input a user and it will show me what permissions they will have in the SCCM console.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Use DNS for IP addresses

    Use DNS records for IP addresses instead of internally discovered IP. This allows machines to change their IP, between subnets or wired/wireless

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base