Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable DKIM for Office 365 Home with custom email domain

    The Office 365 Home subscription allows you to use your your own email domain. However, there is no option to enable DKIM and without it, outgoing email often ends up in the recipient's Spam folder, making the custom email domain capability useless.

    Please expose the DKIM setting on the UI for O365 Home subscribers.
    The feature itself is already implemented and available in the Business edition, but requires the Admin panel which does not exist in Office 365 Home.

    https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/38177803-enable-dkim-for-office-365-home-with-custom-email

    96 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  2. spam filter allowed and blocked sender limit

    Please remove Safe and Blocked Sender Limit. There should be an option to add unlimited allowed and blocked list sender and domains. Existing spam protection does not block most of emails.

    91 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    11 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Office 365 quarantine report should have a link to view live quarantine

    This is a simple feature to implement and my users were used to it with Appriver. My users get a report of their quarantined emails daily, that emailed report should have a link (https://admin.protection.outlook.com/quarantine) for the users to click to view their quarantined email at any time, so they don't have to wait a day.

    88 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Use Outlook junk mail actions to train hosted spam filters

    Junkmail filtering has been a constant pain point for me with O365 business and Outlook. The spam filters have an awfully high number of false positives, and only rarely capture real spam (I don't get much on these accounts). Most of the mail that gets filtered is from the same set of senders even though I constantly tell Outlook that these messages are not Junk. O365 needs to leverage this data to improve filtering reliability.

    88 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →

    The Junk Email Reporting Add-in is our current solution for Outlook users. You can get the download for it, and learn more here:
    https://technet.microsoft.com/library/jj723127(v=exchg.150).aspx
    We do absolutely triage these submissions and use them to improve EOP.

    If you aren’t using Outlook, simply create a new mail to junk [AT] office365.microsoft.com and attach the entire message, including headers (see https://technet.microsoft.com/library/jj723151(v=exchg.150).aspx). We are looking at better reporting options for Mac and mobile users. What might be helpful here is commenting with which applications you use most.

    Administrators can also now go to http://aka.ms/FixSpam and troubleshoot their users’ most persistent spam issues.

    If you continue having difficulties, we recommend a support ticket to investigate current samples. It is frequently the case that a simple configuration issue is to blame — and support can help you figure this out.

  5. Quarantine notification emails: please change it back.

    The new Quarantine notification emails are not useful.
    The layout is very inefficient with screen real estate and difficult to read on a computer, and unreadable on a smartphone.
    Also, end users need the ability to release valid emails directly from the Notification message on a smartphone, instead of forcing them to log into the Quarantine web page (which is also unusable on a smartphone).

    83 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Fixing DBEB to work with Dynamic Distrbution Lists, or disable DBEB by default.

    Fixing DBEB to work with Dynamic Distrbution Lists, or disable DBEB by default. I've been working with MS tech support for a week now trying to figure out why our Dynamic Distribution Lists have all of a sudden stopped working remotely. They said it is because we are using "Authoritative" domains (which are default) and by default DBEB is enabled, which does NOT allow Dynamic Distribution Groups to work from the outside. The tech support team I've been working with says MS has no plans on fixing this and in order to disable DBEB, we have to contact them so…

    80 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Stop using the Spamhaus PBL on mail submitted by *authenticated* inbound connections

    I understand this is a duplicate of the below ticket, but MS is being particularly short sighted with the problems this causes:
    https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/20382373-stop-using-the-spamhaus-pbl-and-xbl-blocklists-on

    As per SpamHaus PBL description:
    THE PBL IS NOT A BLACKLIST. You are not listed for spamming or for anything you have done. The PBL is simply a list of all of the world's dynamic IP space, i.e: IP ranges normally assigned by ISPs to broadband customers routers/modems (DSL, DHCP, PPP, cable, dialup). It is perfectly normal for these IP addresses to be listed on the PBL. In fact all dynamic IP addresses in the world should…

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Please add more Phishing Templates for Attack Simulator

    Please add additional Phishing Templates, or create a GitHub repository for the community to collaborate on phishing templates. Other solutions have rich libraries so if Microsoft wants to compete with other phishing simulators, it really needs more choices.

    69 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. End-user Spam Notifications by User or Group

    Have the ability to configure End-User Spam Notification by User or by Group. Currently we use a 3rd product to handle spam blocking and it sends a daily email with a list of blocked spam. Not all of our users care to receive this email so we would like to be able to control this feature within Office 365 but have the ability to configure which users want to receive the daily spam list or not. Currently Office 365 only let this be done by domain names. The ability to control who gets these notification should be able to be…

    69 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow end users to release, delete, report via End User Spam Notification

    Recently, End User Spam Notification was modified and now end users are unable to "Release", "Block" quarantined spam emails from End User Spam Notification mail.

    I understand that end users must navigate to Security Compliance Center to do so, but I would like to do so from End User Spam Notification mail, so I want an option to bring back the old style End User Spam Notification.

    68 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Delete mail from Blocked Senders but Quarantine possible spam.

    I would really like to have different mail flow behaviours for "BLOCKED SENDERS" and "POSSIBLE SPAM". Mail from a blocked sender or blocked domain to be deleted, always, and never seen again. Remaining mail that triggers possible spam detection to go to Quarantine. What we have today is that thousands of messages from blocked senders are going into quarantine which is cluttering that up and frustrating for our users. I don't want to turn on the delete of possible spam, as some genuine messages are still being quarantined and we need to see them and release them.

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. Threat Protection not scanning links within attachments

    Advanced Threat Protection is not blocking phishing links within attachments. These links are coming through in a higher frequency as pdf attachments which are scanned by ATP and in turn are allowed through because they are clean attachments, but the links embedded within these pdf files are going to phishing websites and people are clicking on them. ATP is not blocking these links. Please fix ASAP!!!

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Specific quarantine permissions

    It would be great to allow specific rights for a user to access quarantine and see all users quarantined email. Like a delegated quarantine admin without the rest of the admin rights. This would really help us. I don't feel I can give a user full admin rights just to look at and release quarantined email.

    63 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Advanced Threat Protection (ATP) - The Safe Link protection WARNING page need customization access (to add comment and company logo)

    Please consider to add comment as well as company logo in the Safe Link WARNING page.

    Users expecting that cause they are also purchasing the service.

    62 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Create a "Safe Sender List" option in the Office365 Admin Center

    Create an option for a "Safe Sender List" that allows admins to add email addresses that are allowed past the spam filter. Currently, to add a single email address, you have to navigate to the Spam Filters options, select the domain it applies to, and manually add in the email address. It would be nice to be able to add individual emails to a "Safe Sender List" for the entire domain, rather than through the Spam filter or individually for the users.

    62 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Block spoofing messages even when the source is a trusted relay in another tenant.

    We have discovered if an e-mail is sent through a relay trusted in one tenant, that message will be delivered as not-spam to any other O365 tenant regardless of sender address and SPF records. This seems like a large gap in the service, for example; if one client machine was to get compromised that machine could send any number of messages from any source address through the relay and they would automatically be trusted and delivered to any mailbox using EOP or Exchange Online.

    We would like to see these messages at least checked against SPF records at the receiving…

    59 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Have reasonable exceptions for Advanced Threat Protection rules

    None of the exception options currently in ATP make any sense, since they permanently exclude particular users. If I wanted to exclude particular users, groups, or domains, I just wouldn't purchase ATP licenses for them. To be useful, the exceptions would have to cover use cases where for the same recipient some messages could be excluded from scanning under certain "exceptional" circumstances. There is no reason to purchase an ATP license if I was just going to entirely exclude a user's email from being scanned.

    I had expected that by creating exceptions for certain DNS domains that I could exclude…

    58 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  18. Spam Notification - Show actual sender email address

    current Spam Notification email to users is showing incorrect (spoof email display) sender email address. request to have the actual sender email address be use in the Spam Notification email to user so user can make informed decision.

    57 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Report Message AddIn - Include header Information in reported messages

    Hi,
    when dealing with SPAM and Phishing mails (or false positives) we need Header information to drill down to the details. This is a manual process for users.

    The header information are available within Security and compliance portal only for Malware mails (where it´s mostly pretty useless)

    For easy and enhanced user reporting, we request to include the header information in all reported messages from with the Outlook AddIn "Report Message".

    please vote for this idea!
    best regards
    Markus

    51 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Increase size of character limit on Custom Exchange Rules

    Exchange rules have too small of a character limit. If you have a lot of rules you can easily exceed the total rule character limit of 20k

    It is also easy to exceed the 8192 single rule limit when doing custom matches.

    48 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base