Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Suspicious Login Reports and Alerts

    Microsoft needs to include FREE reporting and alerts to paying office 365 subscribers. Apparently the azure reports that would be useful to office 365 subscribers require a paid subscription (according to the 2 tickets I put in with azure support)
    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-view-access-usage-reports.

    The office 365 audit log is a mess and doesn't give a clear picture of all suspicious activity for all users at a glance, e.g. logins from multiple geographies.

    Ideally, admins would be able to get alerts based on suspicious activity. We've had several users accounts get hacked and we've had no idea. People were logging in from…

    352 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    23 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  2. Audit report showing encrypted messages sent

    Messages are encrypted automatically according to rules. However, there is no way to confirm for audit purposes that a message was actually encrypted.

    157 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  3. Make secure score available to partners

    As a Partner I have access to the tenant of my clients. I'm not able to see the score of my clients tenant and check easily what changes need to be done and discuss this with my clients.
    I can only do this when I have an separate admin account of the clients tenant.
    Now with the integration of secure score into the compliance center shows a widget of the score but not the actions that needs to be taken. Please integrate the full secure score

    95 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  4. Retention Labels - Time Left - Report all files with label

    Hi,

    Would it be possible to have a report system or dahsboard, which would report on Time left of the retention period for all items or even just files that have a particualar label applied that the user has created.

    For example. A calculated column that shows the item, location, retention/deletion, time remaining before it happens, based on whether it was, either labeled, created, last modifed. (hope it makes sence)

    Currently you have to use the 'content search' area [search and investigation] and do the calculations there within excel on any given report.

    see the post here for some more…

    80 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  5. incident

    Fix ATP Threat Explorer Incident Reporting

    We would like to use ATP Threat Explorer to mitigate phishing messages coming into our environment. The incident reporting does not build confidence in the tool. As an example I recently used it to hard delete 6 messages from our environment. The incident report did not give data for two full days. When it did, it reported status "Failed". However, looking at the report details, all six messages show hard delete status "Success", with no failures. Accurate and timely reporting of incident results will build confidence in the ATP Threat Explorer tool.

    63 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  6. Message encryption audit log reporting

    We need an audit log that will detail every message that came in and out and whether it was send using TLS or not. Ideally, the audit log would contain the following fields:
    Message ID, TLS or SMTP, timestamp, sender, recipient, subject

    37 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow adding metadata fields to pending disposition reports

    Pending disposition and completed disposition reports are lacking metadata required to be captured by Government organisations for all disposed documents. Can we have the following metadata fields available in all disposition reports exported from Office 365:
    • Unique identifier (document ID number)
    • File name
    • Date created
    • Creator/Author
    • Date last modified
    • Last modified by
    • Date of disposal
    • Disposal label
    • Disposed by

    It would be even better if system admins could add/remove metadata fields from all disposition reports.

    Unfortunately, until these fields become available in Office 365 disposition reports, document disposal won’t meet the…

    37 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  8. Provide uptime report per tenant to meet auditor demands

    Currently uptime reporting for O365 is only available as a quarterly global percentage. This does not reflect the uptime of our specific tenant, so we want to have an uptime report at the level of our specific tenant.

    For important business solutions on SharePoint Online, we have a requirement to be able to report the uptime of that solution, since we need to guarantee a certain level of availability. The global quarterly uptime report doesn't provide this, since it is only a high-level average.
    The global uptime doesn't mean that our specific tenant had that same uptime. Depending on the…

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  9. Daily quarantine report - More flexible options

    The daily quarantine report needs to be more functional with the following options an administrator can set:

    1. Send repeated reports and frequency. Once a day, twice a day, etc. with time to set
    2. Send quarantine report email as soon as a new message appears
    3. In the quarantine report email show new and old quarantine emails

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  10. Optimize Mail Protection Reports for Excel 2016

    Could you please optimize Mail Protection Reports for Excel 2016 ?
    When I tried to install it, I get the notification that I must have Excel 2013 installed.

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  11. End User Notification for Retention Policies

    Looking for end user notification when data governance deletion policies are applied to content. A visual indication within document similar to SharePoint on premises information management policy banner. It states that a policy is applied to the content, describes the policy (for example: A retention policy of deletion ten years after the last modified date has been applied to this content.) and indicates when the policy is met (for example: Expires on 8/21/2027).

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  12. Real-time Logging within Auditing

    Audit logs in the security & compliance center are not populated or refreshed in real-time. Waiting for the audit logs to populate which could take up to 24 hours makes it ineffective with delayed data in order to track down issues/user activity/attacks/etc.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  13. Make Audit Log Data Readable to Business Users

    The exported reports do not explain where something was accessed in any way that makes sense to business users, even the IT guys are struggling to read these reports. Please can an additional column be added only displaying the URL to the content accessed. The User ID and Operation columns are perfect, it's the Audit Data column that makes no sense.

    {"CreationTime":"2019-01-17T11:55:03","Id":"f8431c84-239b-4a78-6da2-08d67c729d8a","Operation":"SearchQueryPerformed","OrganizationId":"69193fbf-a336-4e0b-a500-e844e117162a","RecordType":4,"UserKey":"i:0h.f|membership|10030000aa36ae9d@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.109.108.43","ObjectId":"c4c7db9b-5533-4d9c-b9c1-182341a63832","UserId":"name@company.com","CorrelationId":"c4c7db9b-5533-4d9c-b9c1-182341a63832","EventSource":"SharePoint","ItemType":"Web","UserAgent":"MRU Service","EventData":"<ClientType>DocsSharedWithMe<\/ClientType>"}

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  14. Report all attachments scanned by Advanced Threat Protection Safe Attachments

    Currently reporting for Safe Attachments only shows malicious files. This makes it difficult to verify that Safe Attachment scanning is working as intended. It would be beneficial to be able to verify in a report detail regarding all attachments that have been scanned and marked as safe.

    This idea stems from a situation were Advanced Threat Protection was not scanning attachments for a tenant despite being configured to do so. Without checking through message traces or verifying with end users it was not possible to verify if it was working or not. The issue was further complicated as the reporting…

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  15. quarantine reports showing duplicate entries

    Quarantine reports on threat management showing duplicate email. When searching it via sender email address it show correct email. There's a bug when viewing the list and it increase the number of items due to duplication.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  16. secure score filter by user licence

    Should be able to filter secure score recommendations based on the licence types within the tenant. For example, If the tenant is primarily an Office 365 / EMS E3 User base, you should be able to choose to ignore all Office 365 / EMS E5 User base security recommendations.

    Raised from Tech Community request

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  17. Public folders in Top sender and recipients report

    Hi,

    In the top sender and recipients report we notices the top sender is a public folder on our account.

    After researching via message trace we saw a lot of HierarchySyncs between public folders. This is causing the public folder to be top sender.

    It's not an actual mail that is being send but more a sync or ping.

    I don't see a reason why these pings and syncs should be in the top sender report.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  18. Visibility of DMARC reports

    At present DMARC reports are not visible under Security & Compliance.
    DMARC reports will help to determine the messages that were allowed through or rejected.
    rua feature will provision mail delivery notifications but will not provide full details of message delivery status in a tabular format.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add Site/Library/Folder filter to Dispositions Dashboard

    The new Dispositions dashboard is a great addition to the Compliance Centre. At the moment though you can only filter by date range and label.

    It would be really useful to have the ability to filter the dashboard further so that you can return, for example, all items that are eligible for disposition within a specific document library or folder.

    When you extract the dashboard as a report to Excel currently, you are provided with the filepath to the item in the excel report so presumably it would be possible to use this information directly in the dashboard to make…

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  20. report the last time a distribution list was used

    I see the email usage reports but these reports are only for mailbox users. I would like the reports to include things like the last time a distribution list sent or received an email. Similarly a shared mailbox.

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5
  • Don't see your idea?

Feedback and Knowledge Base