Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Include HASH of malware in the mail protection reports

    Include HASH of malware in the mail protection reports because the malware name (in the protection report) belongs to the anti virus company and it changes for different Anti Virus companies but the HASH does not change.

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  2. top sender filtering options

    I would like to see a update made to the filtering of the Top Send report in the Security and Compliance Center.
    Admins should be able to filter out such user accounts as Public Folder Mailboxes. This mailbox sends out transparent alerts from the Primary Hierarchy to the Secondary mail boxes. Because this is happening so frequently, this will always make the mailbox the top sender; not giving the admin a true reading of who the top sender is for the organization.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  3. Inform us when our domains are blacklisted... see problem below: I am the owner of the business concerned and I have been patiently waiting

    I am the owner of the business concerned and I have been patiently waiting for the use of my Outlook Exchange ever since we change over from our current domain supplier to that of onmicrosoft.com! I have however disappointed evry time i attempted to use. Apparently my email address mgezim@unidit.co.za or Unidit_Business@Unidit.onmicrosoft.com has been black listed hardly before i could even use it to my satisfaction for whatever reason Microsoft deems it fit. i cannot understand the relevance of the blacklisting under your DNS management and why you allowed outsiders to interfere with my account before you let me know…

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  4. Make Office 365 Audit Log Report more effective and workable

    The audit log report is now very basic as it shows Date and Time,User, Action, Detail with a Detail which is an unreadable and unprocessable portion of text hiding more information. The report can be much improved by providing structured relevant information, so that it can be further processed more easily.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  5. Alert Excessive User Messages

    It is known with Exchange Online when a user sends excessive emails that their account will be blocked to prevent blacklisting. However there are no reports available for administrators to see this prior to the incident, Need a report option that as admins we can set a criteria on the number of emails sent from a mailbox prior to reaching the quota created by Microsoft. For example, more than 50 emails in 5 minutes, an alert would be triggered sending an email to an administrator.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  6. Update O365 Secure Score reports to new Azure AD Portal

    In the Office 365 Secure Score report, several of the "Reports" that are suggested to review still point to the old Azure AD portal. I know there is an effort underway to move the Azure AD functionality to the new Azure AD portal, but wasn't sure if these links were missed. Is there at least an equivalent report to manually review? Examples include "Sign-ins after multiple failures report"

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  7. Create a scheduler for the Usage reports in O365

    We track email usage as part of the Sales team metrics and currently we manually run the report every Monday afternoon to obtain seven days of information - this would be much more efficient if we could 'schedule' the reports for distribution instead of the manual process.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  8. More information on Impossible Travel email for end user

    We get the impossible travel alert triggered a lot as many of our people use a VPN for security as they travel a lot. This is great as sometimes it really is a legitimate attack on their account. So as part of this, in case we miss one, i have set the alert up to also email the end user in question so they can let us know if we need to investigate it further or not.

    I had one of the emails forwarded to me today and there is absolutely nothing useful on it. Is there anyway we can…

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  9. Title: Compliance Team (Auditing Team) is unable to see the reports in https://portal.office.com/ portal

    Title: Compliance Team (Auditing Team) is unable to see the reports in https://portal.office.com/ portal

    Description: In our customer environment, we have dedicated Compliance Team who wants to have a look at built in reports available in EOP (Exchange Online Protection).

    In order to fulfill Compliance Team requirement, we added their ID’s to role groups "View-Only Organization Management" and "Hygiene Management". However they were unable to view the reports.

    To understand more on this issue we raised case SRX616051791480459ID. From this we got to know that in order to see the reports, end user has to be member of “Global Administrators”…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  10. Top senders and recipients

    Remove "spam email addresses" (or non-existing email addresses) from the "Top senders and recipients" report. It currently show several non-existing (and never existed) email addresses for my organisation.
    I would imagine that organisations with more spam would find the result utterly useless. I can still navigate around the spam listings, but it is still a nuisance.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  11. I would like to use activity report to retrieve activities which performed in OneDrive for Business

    It would be great if ODfB activity report can retrieve activities which specifically performed in ODfB because, the report always includes ODfB related activities which has been done in Microsoft Teams as well; such as file sharing.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  12. Retrieve the number of activities performed in SPO only

    I would like to retrieve the accurate number of activities which performed on SPO; because current activity report for SPO includes file sharing activities which operated in Microsoft Teams as well.
    I would like to see the activity counts in SPO only.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  13. Daily user quarantine report ability to change time

    The daily user quarantine report needs ability to change time to 9am. Currently my users are getting the reports at 9pm.
    I would like the ability to set time of user quarantine reports are sent and also frequency as once or twice a day.
    Thanks!
    William

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  14. Office365 Admin Alerts

    It would be better to include more information in the new feature; Aerts (https://protection.office.com/#/viewalerts). As of now it give only general information on the emails.Even clicking 'investigate' we are not able to find information or activity as such.

    Eg:

    After investigation

    "By the time this alert was triggered,
    'email@domain' performed Created mail forward/redirect rule 1 times"

    The above information is not enough on a standard alert. A one line of activity done by whom and when will fulfill the requirement of the new feature.

    Thank you,

    Sameer Nazeer

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  15. Adjust Mail Protection Reports so that it doesn't require Global Admin permissions.

    Mail Protection Reports requires assignment of Global Admin permissions. Develop a solution similar to the level of detail associated with Mail Protection Reports that doesn't require Global Admin. From a security perspective we strive to limit our Global Admins to a very few number of administrators. Since the Mail Protection Report cannot be run without Global Admin permissions we're forced to assign a higher level of permissions that desired.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  16. mail trace report with data running automatically

    Automate the Mail-Trace report to send an email on a provided time-period (e.g. 7 days), with data. There are options and pre-defined reports, but you must manually run them and then export them. The request is to have reports run automatically once created or selected (from a predefined), and this should handle the export too. For example, if we want to run a report on emails delivered then get that data automatically via portal (ready) and also a link or attachment in the email. We use computers to automate things, but that is missing here. Note this was possible on…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  17. Spam detections

    The "spam detections" reports show a nice graph that presumably show how many spam was detected. If you click on each point in the graph it shows the actual number of detections for that type on that day. But only clicking on a "Content filtered" point shows a list below the graph for that number of items. But:

    1) Why does it not show the same list for the other types
    2) Why is the number of items in that list not always equal to the value for the point (for that day) in the graph!

    This report seems to…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  18. To Generate Report for all emails sent to External Domains

    To Generate Report for all emails sent to External Domains on One click when configured for entire domain

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  19. Please provide documentation defining all of the event types which show up on the MailTrafficATPReport.

    There are several reports available for ATP, but not a lot of documentation on how to go about analyzing the data that is pulled from powershell.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  20. Generic guest link report

    Ability to create a report that details every generic guest link created, including creation date and the person who created it. This is important to my organization because we want to disable guest links going forward, need to contact users who created them and give them a drop-dead date to replace them. Finally, we would need a means to delete the guest links.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base