Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Please add the ability to Restrict Task Sequence "Export" function

    We have multiple user Groups covering multiple Business units. Image Engineering guys create TS for different groups and wants them to just deploy (only) . They DO NOT want the other groups to view the content of the TS nor EXPORT it . However , it appears RBAC Does NOT offer such permission level to control the access to TS.

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Granular Client Notification Permissions

    Would it be possible to break out individual permissions for each of the "Client Notifications".

    When enabled, if I right-click a device or collection I get the usual selection of options, "Download computer policy", "Collect Hardware Inventory", etc. Those are fine, but the big one that caries a high degree of risk is "Restart"

    So rather than have a single option in [Security Role] -> [Collection] -> [Notify Resource]

    ...the "Notify Resource" is in it's own permission branch and each notification option can be enabled/disabled for that role.

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. SCCM with multi boot selection, like mdt + wds

    Run 3rd party solutions from pxe ex: macrium, live cds ...

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Support Scale Out File Server

    Currently SCCM doesnt support SQL Databases stored on a Scale Out File Server. The installation will error out when it queries WMI on the SQL Server, also queries embedded inside of hman.dll will cause errors as it expects to find a drive letter rather than a UNC path.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Secure Credential/secret variable Resource

    Add a secure credential/secret variable resource to pass secure variables to task sequence steps and application command lines.

    For instance, this would be useful to securely storing and passing a BIOS password for securing, configuring, and upgrading BIOS.

    Additionally, this could be used for authentication tokens or specifying an alternate user context in a script.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. RBA Role Prompt when launching console

    Many of the other System Center products allow a single user account to have many different roles assigned, and instead of merging them like Configuration Manager does, they prompt at login which role should be applied. This allows an admin for example, to have one account that they can manage all workstations, but then reopen the same console and choose a different role to manage all servers. This would solve many issues that come up when dealing with scoping issues where an object that was created do not have the correct scopes applied. It will also address a concern thatā€¦

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Ability to Assign Wake on Lan to Security Scopes

    Currently to remotely wake up workstations, you have to have the default security scope applied to the user who needs to wake up the workstation. It would be great if you could use other security scopes as well.

    When an employee is remote and they accidentally turn off their computer, we have to send someone to physically turn it back on. We gave our help desk some permissions. If they could use wake on lan without having access to everything the default security scope provided, it would make things significantly easier.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Improvements for search functionality

    When searching, allow multiple "AND" filters on the same criterion. For example, when viewing All Windows 10 Updates in Windows 10 Servicing, I'm currently seeing 798 items. I can filter by language to reduce that, but I'd also like to filter on the title multiple times to exclude editions such as 'Education N', 'Pro N' and 'Team' but I can't because when I add a second Title filter, it automatically puts an "OR" operation next to it.

    Also, when searching for objects like Collections or Apps in a large sub-folder structure, would it be possible to include a column inā€¦

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Remove the requirement for 'modify' permissions for Phased Deployments

    The Phased Deployment functionality for Applications and Task Sequences require the 'modify' permission on each of the objects in order to be able to create a phased deployment. Software Update Groups, on the other hand, dont have this requirement. In a large distributed environment, the administrators who manage clients in collections and deploy content (Applications, Packages, Task Sequences, etc.) are not always allowed to create the Applications or Task Sequences. In our large PUBSEC customer, the application and TS authors are separate from the site level admins, but our site level admins would like to take advantage of phased deployments.ā€¦

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Respect user communication preferences

    I updated my Microsoft communication preferences to stop all the emails from the ConfigMgr team as I could. I still get survey requests and such. Please stop spamming me.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. ability to apply security scopes to deployments

    would be great if we could set security scopes on deployments. we offer sccm as a service to multiple groups using RBA. one group provides applications that can be viewed by all other groups. unfortunately they cannot see all of the deployments made from these applications as they only have visibility to their own devices/collections.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Allow Machine Auth for Admin Service RestfulAPI

    Allow machine authentication using API certs or other method to authenticate against the RestfulAPI service. This would allow scripts and tasks to query CM for dynamic lists of packages, applications, etc...

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Export any result from console queries

    I think It will be very usefull if we a way to export/print queries that we made in console, and not just from report or SQL query..

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Shedule and Rate Limits Per Group

    It would be nice if we have shedule and rate limits per distribution group instead of having it configured by dp only. So a mix of both will be great having the group config superseding the dp one...

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Move RBAViewer into the console

    RBA Viewer has been overlooked for too long and offers a lot of great features over the admin console. Why not combine the features into the console?

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Compare custom security roles against built-in roles

    When looking at an SCCM site I am often presented with a bunch of custom security roles, I can check the permissions but actually it's really difficult to compare that role against the built-in roles to see what the difference is. A compare feature would be nice.
    Taking that one step further, it would be great to get a resultant set of policy type feature where I can input a user and it will show me what permissions they will have in the SCCM console.

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Use DNS for IP addresses

    Use DNS records for IP addresses instead of internally discovered IP. This allows machines to change their IP, between subnets or wired/wireless

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. AD User Discovery should support incremental discovery

    AD User Discovery should support incremental discovery when using groups as search base. Currently this is not supported. We have the challenge to discover user being located somewhere in the Active Directory, not being allowed to discover all users. Therefore, we have only the chance to put all users in a group and discover all users from this group. Unfortunately, delta discovery is not supported for AD User Discovery. For some reasons it's supported for AD Group Discovery, but not for AD User Discovery. It would be great if this could be enabled in particular because there is no realā€¦

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Maintenance Windows for Content Downloading

    Have an option within the Maintenance Window settings to not only apply the window to software updates and deployments but to the machines ability to download content as well. Sometimes there is a need to have a complete blackout of activity on machines during a certain window of time.
    This is not related to limiting the bandwidth for BITS but actually wanting nothing using resources disk, CPU etc. on the local machines.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. 1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base