Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add OR boolean logic in DLP_rule conditions and exceptions section

    In general i like the update which you have rolled out for DLP.

    But while creating policy rules i see that the conditions are applied only in AND boolean logic. It would be better if we have the flexibility with OR condition as well. Because without this option, i see that we need to create multiple rules to achieve things that we need.

    For an Example:

    Say if sender is abc@abc.com, He/She sends a document to someone who is outside the organization. Assume that i use a Label "Confidential" which will be stored in document properties and i can…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  2. Support staff must be far more cognizant of security and protecting their clients resources

    The staff I speak with continue to ask me to elevate users to resources they should not otherwise have.
    The support staff should be provided with additional security training to understand conventional access control methodology; RBAC, DAC, MAC are all methodologies which various consumers MAY be utilizing, and the requests made should be compliant with the model in use; They should not repeatedly ask to provide access to user A for group B, it wastes a great deal of time, and time is money, in particular as there are a variety of competitive products for online documentation.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Rules are not working on Junk Email.

    I enter the domain name when I create a rule on my junk mailbox, such as 'wooordpress'. The rule never works.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Can Service Trust Portal support IE11 soon?

    It would be nice that Service Trust Portal will support IE11 soon!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Service Trust Portal  ·  Flag idea as inappropriate…  ·  Admin →
  5. When an email from an external sender is sent to hosted quarantine for any reason (i.e. attachment type), notify the sender with reason.

    We have a transport rule that moves external email with specific attachment types to hosted quarantine - so we can release them if we need to. We would like to be able to send replies to the sender - asking them to consider re-submitting their email with an acceptable document type such as PDF.
    We could do this if we simply blocked the message altogether, but the idea of hosted quarantine is that we can review and release if it is necessary, without involving the original sender.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  6. Bring user documentation up to date with Secure Score release

    I just spent 2 hours trying to find out how to run my Secure Score. The documentation under "Plan for security & compliance in Office 365", and the link it follows from Step 2 to give more info, nowhere explains how to actually find and invoke the Secure Score. I had to contact tech support for them to walk me through it. The link they initially gave me led to a screen titled "Microsoft Security Admin", which is not available via Office 365 Security. So we spent some more time finding the Secure Score widget nestled in the main home…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow Export of folders for user instead of search in Security and Compliance.

    Allow Export of folders for user instead of search in Security and Compliance.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. UI: please add an export button at the end of the controls

    Please add another "Export to Excel" button at the end of the controls page.
    It usually makes me first scrolling down - recognizing that the button is not there - and scrolling all the way back to the top. Just doublicate the button!
    Thanks!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  10. Submissions Feature - Bulk mail as legitimate

    Legitimate email is sometimes blocked as bulk, to fix this situation we are forced to setup bulk allow rules. We would like to be able to submit bulk email as legitimate and therefore allowed for our tenant through the submissions feature.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Compliance Center Issues

    I have been doing a lot of testing with Search in the Compliance Center against OD4B sites in SPO. We are a very large origination (55,000+ users) and currently have over 24,000 OD4B sites. The admin center in the Compliance Center is limited but does work as advertised to some extent. I can search and retrieve the first 200 items for preview. It is a bummer that the preview or entire results from the query can't be exported here. That led me to move to PowerShell using the Compliance Center commandlets. I am very disappointed in it's current function. I…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  12. Please force re-authentication for Outlook client when the network has been changed

    It would be better if you could add a setting in Outlook client to ask users to re-authenticate when the network it connects to has been changed.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. VASTLY IMPROVE the spam/phishing filter

    I receiev regular email postings from professional societies and EVERY TIME they end up in quarantine, despite me time and again listing them as safe senders. Meanwhile, real phishing emails get through on a regular basis. Google and Yahoo don't have problems with spam filter - not only do they rarely miss catching rel spam, they almost never misclassify genuine email. Frankly I could have better security if I set up my own email server usinng standard open-source filter algorithms. Microsoft's offering is the worst in the industry by a long way, once does wonder if there are any competent…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow Office 365 Admins the ability to update Sensitive words for SPAM Content Filter

    Allow Office 365 Admins the ability to update the Sensitive Word List for SPAM filtering, the ability to update this list by the admins will alleviate the stress of Microsoft to have to manage the list themselves. This will also increase the identification of Unsolicited emails and decrease the wait time for a resolution to take place.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. A locked policy can be increased or extended, but it can't be reduced or turned off. This is very bad! allows changes, but not the history

    The retention policy lock should be able to be changed! The forever unchanged is the history of content and should be backup in a separated location. Right now, if the retention policy includes SharePoint, the sharepoint site admin not even can delete the lib/list etc. This is dumb. The retention should smart enough to backup the delete files and without interrupt the users.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. AIR (preview) add warning banner to actions approval

    Currently AIR might find that normal links to Facebook or LinkedIn company pages are malicious, and consequently suggest in an investigation to delete any mail with such links. It's currently too easy to just approve 5-7 suggested actions of a suspect malicious mail - and perhaps delete 1 million legit mail in the process.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. I'm cloud only but my score in 10 points less because I don't have hash enabled

    Why is counted against you, if your environment doesn't require a hash sync?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. The operation log of the audit log cannot be confirmed in detail

    The operation log of content search is confirmed in the audit log.

    However, although it is output as a search result, I would like to check in detail, such as "Administrator A confirmed the email received at User A's 8/1 11:11".

    コンテンツ検索の操作ログを、監査ログにて確認しています。
    しかし、検索結果としては出力されますが、「管理者 A がユーザー A の8/1 11:11 に受信したメールを確認した」のように細かく確認したいです。

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Ssi

    Ssi

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Centralised way to clear user's suggestions

    Suggestions can only be cleared by users selecting the X next to the suggestion.

    Provide O365 admin the ability to clear a user's suggestions or a collection of users (domain or tenancy).

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base