Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. plugin report message on mobile device (iOS and android)

    Develop the mobile plugin Report Message for outlook mobile in order to allow reports from mobile devices.

    48 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Change ATP SafeLinks URL

    Starting ATP URLS with https://.safelinks.protection.outlook.com/ gives the impression that a URL is safe.

    We've had numerous malicious URLs sent to our users that were not blocked by ATP, by putting the name "safelinks" in the URL you give the impression the URL is safe even though that's not always the case.

    Instead consider some of the following alternative names:

    https://.links.protection.outlook.com/
    https://.atp.protection.outlook.com/
    https://.urls.protection.outlook.com/

    47 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Please provide documentation for the headers: X-Microsoft-Antispam-Mailbox-Delivery and X-Microsoft-Antispam-Message-Info

    These headers showed up in a few false positives. There's no documentation online and MS support is unwilling to provide any such documentation, even for partners.

    47 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Daily Quarantine Email Notification Changes

    The quarantine notification email needs to be improved as follows:


    1. When a user receives a Quarantine email in their Outlook client and chooses “release to inbox” or “report as not junk” the resulting web page should allow for the rest of the unassigned emails to be managed instead of forcing the user back and forth between the email client and web browser.


    2. It would be helpful if the email or resultant web page Included a link to further manage the Quarantined messages in bulk.


    45 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  5. User based per-domain safe sender and blocked sender lists not functioning with EOP

    Having recently undertaken a support case regarding a user and their safe sender and blocked sender lists and it's interaction with EOP it would be useful if the per-domain aspect of these lists functioned as advertised.

    We have been advised by Microsoft Office 365 support that only per-user (email address) exceptions override the EOP content filter rules and not per-domain. This contradicts what is stated at https://technet.microsoft.com/EN-US/library/dn636911(v=exchg.150).aspx

    This states that:
    Outlook safe sender and blocked sender lists – When synchronized to the service, these lists will take precedence over spam filtering in the service. This lets users manage their own…

    44 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Do not allow End Users to release Phishing Mails in End User Spam notifications

    Currently when an E-Mail is quarantined and the reason was "Phish" those E-Mails are included in the End User Spam notification message and an End-User is able to release the message to his/her inbox. Please add in the user notification only E-Mails which are marked as "Spam" within the Quarantine.

    44 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Safelinks not rewriting URLs

    Hi,

    Apparently if the sender composes ANY URL without pressing space or Enter after and then sends the Email directly, the recipient would receive the email with URL not rewritten and clickable directly.

    I assume most spammers know this by now and use this method to bypass the ATP safelinks mechanism.

    Yesterday we recieved a spam mail with a malicious URL which was not rewritten due it did not contain a href link.

    I checked this with o365 support and they confirmed explanation above.

    I realize there is some technical difficulty in solving this matter but this needs to be…

    43 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  8. EOP should block messages with blank body(only)

    Currently - The Advanced Spam Filter option called "Empty Messages" only applies if the subject is empty + body is empty + there is no attachment.

    Request - It should apply if the body is empty + there is no attachment.

    Reason - Spammers these days are spamming with subject message only.

    As

    41 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. Block email with text links that point to a different URLs

    Many times I get emails with a link to a resource, say "https://bit.ly/sands". That is fine with me ONLY when the link actually points to that resource. Phishing emails always try to deceive the reader by placing a common or expected URL, but in the HTML they hide the real URL. The typical user doesn't hover the pointer over the URL to see the second one.
    I would love to see a feature in Exchange Online Protection that I can enable so any link in the body of the message that is written like a URL must match…

    38 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  10. Improve Spam Filtering

    I've been using both Google Apps for Work and Exchange Online.

    Relying to Microsoft spam filtering is very frustrating compared to Google Apps for Work, as a lot of email messages with dangerous links and attachments are delivered to the inbox.

    I really hope Microsoft develops an enterprise-level spam filtering engine similar to Postini.

    37 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Defect: Quarantine Items are restricted unless Global Admin

    I am trying to create permissions for a user to access Threat Managementr/Review and see all quarantine items without having to be a Global Admin. I was able to assign permissions to allow the test user to access the quarantine section by assigning a user the Organization Management role.

    However, when the user assigned the Organization Management role logs in, the contents of the quarantined messages are limited to only Bulk and Spam. We need to be able to access items quarantined for all reasons.

    So this won’t work for us. It looks like in order for all quarantine items…

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. Safe Links Internal

    Recently one of my user's credential compromised and using his credential and intruder sent email containing a malicious link. The email directly delivered to other person as it was treated as internal email.

    ATP by design doesn't apply safe link policy to internal emails. So I can clearly say it is a high security risk.

    Internal user can also do it by intention or by unknowingly, which will in return damage the environment instead of having ATP in place.

    So my suggestion is to apply the safe link policy to internal as well as external emails.

    Thanks,
    Brad Diamond

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow hosted quarantine timezone to be set

    Allow O365 admin to set the timezone for the hosted quarantine. Currently we are stuck with UTC being displayed.

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow whitelisting IP's that are blacklisted

    Adding an IP to the whitelist doesn't help if the IP itself is blacklisted. In some cases the blacklist is false and requires whitelisting. In hybrid environments a blacklisted IP of the hybrid exchange can stop all mail flow to office 365 and a whitelist option is required.

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Fix the GUI for multiple Display Names for a single e-mail address with ATP Anti-Phishing

    We'd like to see the ability to add multiple display names for a single e-mail address work properly in the GUI. There does not seem to be a reliable way to specify more than one display name to protect for an e-mail address, currently, in spite of the documentation indicating that it should function. Here's what we've seen:



    • GUI


      • Log into Security and Compliance center

      • Create Anti-Phishing policy named "APPolicy 1" with requisite settings

      • Add a user to protect - Jen Public, jen@company.com

      • Add a second user to protect - Jennifer Public, jen@company.com
        At this point the GUI updates and…
    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Quarantine Domain Wildcard Search and Release Option from EAC

    The ability to search incoming and outgoing quarantined emails for an entire domain (for example: *@domain.com) via the protection > quarantine > Advanced Search section of the Exchange admin center is much needed. Currently, this can only be done with a rather cumbersome PowerShell command.

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Remove inbound disclaimers for outbound messages

    When incoming email from external sources is tagged with a disclaimer and then either forwarded or replied, the disclaimer remains as part of the message. An option to remove the disclaimer or the ability of a transport rule to remove a pattern of text would avoid any confusion for the message recipient.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  18. DMARC functionality

    I recently enabled DMARC for all of my domains. Upon testing DMARC with o365 there are several issues with the way o365 has it enabled.


    1. I use the p=REJECT option. I do this because I don't want people receiving spoofed emails from any of my domains. o365 instead of rejecting the message actually QUARANTINES the message. This is currently MS policy because they have too many clueless admins that complain about the P=reject (that they set) actually rejecting messages. Seriously, if we are going to dumb down this functionality what other Security features in o365 have been dumbed down because…

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Alert When More Than "X" Number of Recipients are Emailed

    I would like you to enable an ability to alert when more than "X" number of recipients are emailed from a single mailbox, allowing the partner to set their own threshold. For example, email tenant admins when one mailbox emails more than 100 recipients, etc. This will help identify situations when a mailbox is compromised and someone is using it as a proxy to spread the phishing email to others.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Security & Compliance Raise Bulk Quarantine Release Limit

    Why just limit of 100 items? Also need a progress bar like EAC has.
    It took forever to release 1300 emails to a single recipient. Email is used for public comments. Is there a way to release more (bulk release)?

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base