Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add an option to copy a deployment to another collection

    Similar to a phased deployment, it'd be nice to have an easy way, in the SCCM console, to copy a deployment to another collection.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  2. I would love to see the ability to create collections directly from the Inventoried Software section of Asset Intelligence

    Being able to right click an inventoried software and create a collection based on that inventoried software would be extremely helpful in easily affecting the computers for updates of said software.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. Allow intranet device to use Primary Site Server for MP, CMG for DP

    This would be useful for district sites. It would help reduce on-prem DPs and replace them with the CMG. This could be set in the boundary group settings.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Content management and monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  4. Deployment status shows deployment run time column

    It would be nice to see a column in the deployment status in Monitoring that showed the deployment run time for each device. It currently only shows the Deployment Time which is the same for every device in a deployment to a particular collection.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Content management and monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  5. Make Orchestration more useful for Clusters

    I wish Orchestration can pick up the secondary servers to patch first and then patch the primary server. This is a big help for clusters because I don't need to worry about too many failovers.
    Right now you can achieve this but you need to manually feed the machines and specify the sequence which is more prone to mistake.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  6. HTTP Strict Transport Security (HSTS) 'NOT ENFORCED' on CMG provisioned Virtual Machine.

    The VM that is automatically provisioned as part of the Cloud Management Gateway setup from the ConfigMgr console, when security scanned, indicates HSTS is not turned on/ enforced.

    This has been discussed with Microsoft Support and Configuration Manager experts from Microsoft, as this is obviously a concern. All attempts to mitigate this issue failed as any settings made as advised by Microsoft were reverted or failed to mitigate the issue.

    We have assurances the service is secure however, we are aware that HSTS being off is recognised as a vulnerability to Microsoft and you recommend all to enforce this on…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriate…  ·  Admin →
  7. Remote connection ability in Support Center One Trace

    Please include the functionality of Remote Connection in One Trace,
    In Enterprise support, most situations are that you need to read log files from remote clients.
    I understand that it can be a workload on the WAN link, but that is up to the admin's to decide in their own environment.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  1 comment  ·  SDK, PowerShell, and tools  ·  Flag idea as inappropriate…  ·  Admin →
  8. Run Script Needs Better Logging on the Server Side

    The scripts.log on the client is great, but I have seen where the console never gets results. I've waited 10 minutes and it just sits there showing the green progress bar. The script itself runs in less than 2 seconds. The MPRelayMsgMgr.log and SMSMessageProcessingEngine.log on the server don't show the machine name, and the information they do show is limited. Makes troubleshooting really difficult when the script that needs to run allows you to remote into a machine (remoting is blocked by company policy and a PowerShell script is needed to run in order to enable…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  9. publish 3rd party updates via script

    CMDLET required to be able to publish the 3rd party updates - we are looking at automating the update deployment process via a number of powershell scripts however we are unable to locate a method to publish the 3rd party updates via Powershell.

    If the required changes could be made to allow this via a CMDlet that would be good for the automation process.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  SDK, PowerShell, and tools  ·  Flag idea as inappropriate…  ·  Admin →
  10. Detection method for MSIX Apps should have version 'Greater than or Equal' option

    Current detection method for MSIX native Deployment Type only allows us to check version equals to 1.x.y.z.

    If that application is set to auto install updates afterwards the software center application status turns to failed. I experienced this after deploying Microsoft Whiteboard application, when I deployed to my user base app deployment was successful for over 5000 machines and deployment success status was almost 99%. After 2 weeks users complained they see Failed status in Software Center next to Whiteboard application. After troubleshooting the issue I came to know whiteboard application was set to install automatic updates and the version…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Application management  ·  Flag idea as inappropriate…  ·  Admin →
  11. "Endpoint protection Definition Update Date and Time" / "Antivirus Signature Update Date and Time" missing in the SCCM Defender Console

    Post the Upgrade of SCCM version to 2010, We do not see "Endpoint protection Definition Update Date and Time" / "Antivirus Signature Update Date and Time" option and it is missing in the SCCM Defender Console.
    With this option we used to measure our daily compliance, Though we have Signature versions, that it gets multiple release in a single day it is very difficult for us track with SIngature versions, rather we use the date and time of the signature gets downloaded and reported to the endpoints.
    Without this option we are totally unable to perform any of our daily/weekly…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Support for Dedup in content source directories

    The support for Dedup for the content library is fantastic. It would be great to extend this support for content sources as well.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriate…  ·  Admin →
  13. CMG monitoring

    Have a way to know if the CMG service is running other than going in the console in Administration - Cloud Services - CMG and checking if the status is Ready or stopped.

    We need to be alerted and/or have the ability to see in monitoring tools like scom that it's not Ready like all others services in configMgr

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriate…  ·  Admin →
  14. Be able to see reports like (Compliance -5) on a specifc devices directly from Device screen

    I am always using the device screen with the tabs at the bottom but have to navigate to monitoring and then compliance to find and run compliance report. Make the reports available for the device from the device screen please

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin experience and community hub  ·  Flag idea as inappropriate…  ·  Admin →
  15. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Center  ·  Flag idea as inappropriate…  ·  Admin →
  16. Remove "Tenant Attach" as a mandatory step during the 2102 upgrade wizard.

    Could you please not make tenant attach as a mandatory step during the 2102 upgrade. I'm currently running a test environment with some virtual servers and I don't think that in order to upgrade I need to create a trial sub in Azure with Intune licenses.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriate…  ·  Admin →
  17. Give an option for Preferred DP within a boundary group

    We use branchcache a lot in our environment. It would be helpful for us to have a the same sort of ordering inside a boundary group as we do for client settings - assigning a rank to which DPs (or MPs / SUPs really, but my main concern is DPs) are selected first and then 2nd, 3rd, etc.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Content management and monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  18. Change powershell compliance/remediation script behaviour

    Noticed a few behaviours that I think should be changed.

    1) Compliance settings with remediation scripts.
    If the Deployment of the baseline is removed. The Script will still run one more time as per its next schedule on each client and will ALWAYS run the remediation script even if 'compliant'

    I assume as the deployment is gone, it assumes non compliance so runs the remediation script.

    2) When the deployment of a baseline is removed. Upon client updating its machine policy, any future scheduled compliance check for that baseline should be cancelled, instead of always running its last run and…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriate…  ·  Admin →
  19. Additional guidance

    Need more specific instructions on deploying Office 365 updates on a NON-Connected SCCM Server after synchronizing them per your instructions. The synchronization process works, but finding the correct folder to point SCCM to for downloading is problematic at best and certainly not intuitive. Please provide additional instructions. Also, would be beneficial if SCCM could traverse from the root imported folder to find the update you are downloading locally for deployment.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  20. Distribute Content - WhatIf

    It would be great to be able to Select a Task Sequence, Package, Application, OS Image etc and Distribute Contents with WhatIf functionality.

    Example:

    Newly created Windows Client Upgrade Task Sequence has been created that has Package references of ‘potentially’ 20 Gb in required disk space (OS Image, Drivers, Office, Language Packs) and we would like to Distribute this to some 30+ DPs, all varying in Free Disk Space (minimum being 14 Gb)

    The feature of ‘single-instance store’ is great and expect not to require nearly the ‘potential’ 20Gb of free Disk Space, but we do not know the true…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Content management and monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base