Deploying software/policies by user instead of by device would be helpful for a dynamic environment where users switch devices, and require much less assigning device to groups manually. The ability to assign software to AD user groups would be hugely helpful as well, having policies deploy when a login is detected by a user a policy is applied to.