Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Suspicious Login Reports and Alerts

    Microsoft needs to include FREE reporting and alerts to paying office 365 subscribers. Apparently the azure reports that would be useful to office 365 subscribers require a paid subscription (according to the 2 tickets I put in with azure support)
    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-view-access-usage-reports.

    The office 365 audit log is a mess and doesn't give a clear picture of all suspicious activity for all users at a glance, e.g. logins from multiple geographies.

    Ideally, admins would be able to get alerts based on suspicious activity. We've had several users accounts get hacked and we've had no idea. People were logging in from…

    644 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    31 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  2. Give more detail on the TLS and Connector reports that are available in the Security and Compliance Centre

    Allow you to drill down and get more detail on the TLS report. For example, which domains are not using TLS, or which domains are only using TLS 1.0.

    246 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    21 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →

    1. Click into “details”.
    2. Choose “connector report”.
    3. Choose “request report”.
    4. Answer the questions in the wizard, clicking “Next”, “Next”, and “Save”.
    5. Wait for the report to come to the email address specified. It will contain the following fields:
    message_id, direction, sender_address, recipient_address, connector_name, connector_type, tls_version, tls_cipher

    With the Message_Id value, you can combine this with MessageTrace to get the Subject.

    If this does not help, please provide more information as to the scenario and detail that is missing. Thank you for the feedback!

  3. Audit report showing encrypted messages sent

    Messages are encrypted automatically according to rules. However, there is no way to confirm for audit purposes that a message was actually encrypted.

    169 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    13 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  4. Make secure score available to partners

    As a Partner I have access to the tenant of my clients. I'm not able to see the score of my clients tenant and check easily what changes need to be done and discuss this with my clients.
    I can only do this when I have an separate admin account of the clients tenant.
    Now with the integration of secure score into the compliance center shows a widget of the score but not the actions that needs to be taken. Please integrate the full secure score

    112 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  5. Daily quarantine report - More flexible options

    The daily quarantine report needs to be more functional with the following options an administrator can set:


    1. Send repeated reports and frequency. Once a day, twice a day, etc. with time to set

    2. Send quarantine report email as soon as a new message appears

    3. In the quarantine report email show new and old quarantine emails

    66 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  6. incident

    Fix ATP Threat Explorer Incident Reporting

    We would like to use ATP Threat Explorer to mitigate phishing messages coming into our environment. The incident reporting does not build confidence in the tool. As an example I recently used it to hard delete 6 messages from our environment. The incident report did not give data for two full days. When it did, it reported status "Failed". However, looking at the report details, all six messages show hard delete status "Success", with no failures. Accurate and timely reporting of incident results will build confidence in the ATP Threat Explorer tool.

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  7. MCAS: Add management reporting capabilities

    MCAS currently provides an alert dashboard and ability to create incidents. On both topics we are missing reporting capabilities to inform our policy and decision makers. For that pupose I wish to have an audit log to query. Can you please add this capability MCAS?

    Reports to present to my policy and decision makers show the facts that MCAS has great value. And at the same time they show that analist need to spend time to handle incidents..

    e.g. per month: 1) How many incidents are opened / closed 2) How long it took to close an incident 3) How…

    58 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  8. Visibility of DMARC reports

    At present DMARC reports are not visible under Security & Compliance.
    DMARC reports will help to determine the messages that were allowed through or rejected.
    rua feature will provision mail delivery notifications but will not provide full details of message delivery status in a tabular format.

    51 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  9. Get-MailDetailATPReport - Increase result limit

    The result limit of 10,000 is way to low for a large organization, this needs to be increased to a realistic limit of 1,000,000

    https://docs.microsoft.com/en-us/powershell/module/exchange/get-maildetailatpreport?view=exchange-ps

    48 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  10. Message encryption audit log reporting

    We need an audit log that will detail every message that came in and out and whether it was send using TLS or not. Ideally, the audit log would contain the following fields:
    Message ID, TLS or SMTP, timestamp, sender, recipient, subject

    45 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  11. Provide uptime report per tenant to meet auditor demands

    Currently uptime reporting for O365 is only available as a quarterly global percentage. This does not reflect the uptime of our specific tenant, so we want to have an uptime report at the level of our specific tenant.

    For important business solutions on SharePoint Online, we have a requirement to be able to report the uptime of that solution, since we need to guarantee a certain level of availability. The global quarterly uptime report doesn't provide this, since it is only a high-level average.
    The global uptime doesn't mean that our specific tenant had that same uptime. Depending on the…

    43 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  12. Optimize Mail Protection Reports for Excel 2016

    Could you please optimize Mail Protection Reports for Excel 2016 ?
    When I tried to install it, I get the notification that I must have Excel 2013 installed.

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  13. To Generate Report for all emails sent to External Domains

    To Generate Report for all emails sent to External Domains on One click when configured for entire domain

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  14. Real-time Logging within Auditing

    Audit logs in the security & compliance center are not populated or refreshed in real-time. Waiting for the audit logs to populate which could take up to 24 hours makes it ineffective with delayed data in order to track down issues/user activity/attacks/etc.

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  15. Make Audit Log Data Readable to Business Users

    The exported reports do not explain where something was accessed in any way that makes sense to business users, even the IT guys are struggling to read these reports. Please can an additional column be added only displaying the URL to the content accessed. The User ID and Operation columns are perfect, it's the Audit Data column that makes no sense.

    {"CreationTime":"2019-01-17T11:55:03","Id":"f8431c84-239b-4a78-6da2-08d67c729d8a","Operation":"SearchQueryPerformed","OrganizationId":"69193fbf-a336-4e0b-a500-e844e117162a","RecordType":4,"UserKey":"i:0h.f|membership|10030000aa36ae9d@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.109.108.43","ObjectId":"c4c7db9b-5533-4d9c-b9c1-182341a63832","UserId":"name@company.com","CorrelationId":"c4c7db9b-5533-4d9c-b9c1-182341a63832","EventSource":"SharePoint","ItemType":"Web","UserAgent":"MRU Service","EventData":"<ClientType>DocsSharedWithMe<\/ClientType>"}

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  16. Report all attachments scanned by Advanced Threat Protection Safe Attachments

    Currently reporting for Safe Attachments only shows malicious files. This makes it difficult to verify that Safe Attachment scanning is working as intended. It would be beneficial to be able to verify in a report detail regarding all attachments that have been scanned and marked as safe.

    This idea stems from a situation were Advanced Threat Protection was not scanning attachments for a tenant despite being configured to do so. Without checking through message traces or verifying with end users it was not possible to verify if it was working or not. The issue was further complicated as the reporting…

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow downloading of search reports without the need for Internet Explorer or Edge (non-chrome) version.

    Really. We still need IE or Edge to download ediscovery reports. Chrome, Edge with Chrome and basically any browser should work.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  18. To generate statistics report for all emails sent to internal users or sent by external users

    we tried to make query on [security centre]> [report] > [dashboard] > [sent/recieved email item report] to get statistics on how many mail items are sent by external users and how many mail items we are reciving from internal users but we could not make functionable query in order to get the results.
    we would like to have query that acutually works.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  19. Alerts for when a user logs into another machine (login notifications)

    Add an option for Alert Policies in the Security and Compliance Admin Center for activities like users logging into another machine or devices and administrator activities within the tenant.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  20. Fix misleading logging of Login Failure

    In some situations a failed login event is classified as User Logged In, and the event detail has a ResultStatus of Succeeded with ResultStatusDetail of Redirected. This is quite confusing and risks failed login events from attackers being filtered out of critical reports. The support folk have advised this is normal behavior, but it looks like poor design to me and should be fixed. The Activity should be recorded as Login Failed or Login in Progress

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7 8
  • Don't see your idea?

Feedback and Knowledge Base