Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  1. Emails being incorrectly flagged as High Confidence Phishing emails being dumped into Quarantine by default

    Currently we have an issue where inbound mails are being intermittently marked as High Confidence Phishing emails, including emails from Microsoft support!

    These are simply going into quarantine, with no end user notifications and no notification of delayed delivery of the sender.

    I have modified the default spam filter policy to put them into Junk Email - but this is a huge issue as if the default spam filter policy does this, hundreds of thousands of emails are being incorrectly quarantined every day!!

    Please look at this urgently.

    27 votes
    4 comments  ·  Spam & Phishing
  2. phishing

    Advanced Threat Protection needs to protect against phishing links. We have a URL that takes you to a page imitating office365's official login page and there is nothing that the ATP is doing to stop a user from typing in their credentials. SafeLink is not blocking it automatically; having to manually type in a URL to block it is not effective when dealing with random incoming malicious phishing emails & links.

    27 votes
    3 comments  ·  Spam & Phishing
  3. Messages in Threat Management Explorer no longer remediable.

    We are no longer able to remediate messages via the threat explorer. Every email is listed as Remediable: no. We have moved back to using the clunky, slow and less precise content search.

    26 votes
    0 comments  ·  Spam & Phishing
  4. End User Quarantine: Show ALL Emails!

    Please list all emails by default on the new quarantine on protection.office.com/#/quarantine. Filtering mail by Spam or Bulk is very confusing to end users. I understand that you might want to try and educate users on what the difference is, but to be honest, end users don't care if it's spam or bulk. All they care is that they can quickly get into the quarantine and release their mail. Forcing users to drop down a list and choose between spam or bulk and then search for their mail is frustrating and confusing.

    What would help improve the quarantine is if there…

    26 votes
    2 comments  ·  Spam & Phishing
  5. end user notification

    Currently in EOP, when we enable the end user notification for quarantine emails, the minimum value is 1 day, which may cause us to miss some important emails. We require that the feature be improved to send a notification every hour.

    26 votes
    9 comments  ·  Spam & Phishing

    Please share with us more about how you use the product. For scenarios which require end users to regularly scan for false positives, we find that customers prefer to use Junk Mail folder instead of Quarantine. Is that an option for you? Also, have you investigated the causes of the false positives? Improper configuration is the cause of roughly half of all false positives.

  6. Bypass ZAP feature for some Senders

    Currently ZAP can be disabled for the entire Tenant or some recipients but there is no way to disable or bypass ZAP for some specific list of Senders.

    26 votes
    2 comments  ·  Spam & Phishing

    Hi Muhammad, thanks for the feedback. Zero-hour auto purge respects the Safe Senders list of the Anti-spam policy. If there are specific senders which you do not want ZAP to act on, you can configure them as safe senders.

    Note that we recommend admins to be cautious when adding safe senders for both mailflow and ZAP as it can cause a security issue should the sender become compromised.

  7. Advanced Threat Protection feature ZAP not working with spam action "Move to quarantine"

    Office 365 security feature zero-hour auto purge (ZAP), which protects against spam and malware, is disabled if you use any other spam action except "move to junk folder", because this is one of the conditions for it to work. We want to see ZAP work with the action to move junk emails to quarantine.

    25 votes
    1 comment  ·  Spam & Phishing
  8. Filter message based on "safe links" detection

    EOP doesn't offer blocking of email messages containing a malicious URL or a URL blocked by policy.

    If you, for example, blacklist a URL that appears in malicious messages, Safe Links does indeed rewrite the link, but why bother the user with a message that has no worth? Quarantining or deleting the message would be the desired action.

    Optionally you could raise a case and ask a spam analyst to block the URL that appears in the message, but why have this administrative overhead?

    24 votes
    0 comments  ·  Spam & Phishing
  9. Option to Enforce junk mail filter and not allow users to disable

    Option to enforce the junk mail filter and disallow users from disabling it, so that spam sent by EOP to a user's Junk folder doesn't show up in the inbox because the user disabled the junk mail filter.

    24 votes
    2 comments  ·  Spam & Phishing
  10. Add User Allowed/Blocked Senders List in EOP

    Please add a way for users to add e-mail addresses and domains to their Allowed/Blocked senders lists in EOP from the quarantine web interface (https://admin.protection.outlook.com/quarantine). It can be confusing for users to manage their senders list in Outlook/OWA Junk E-mail options if the organization is configured to use the hosted quarantine and never uses the Junk E-mail folder. Other spam services we have used in the past such as McAfee and Postini allowed this.

    23 votes
    0 comments  ·  Spam & Phishing
  11. Actually allow the SPF record hard fail and NDR backscatter hard fail to actually initiate a hard fail.

    We received a blatant phishing attempt which should have been classified as spam as the headers easily showed that the message itself did not originate from the legitimate sender. After sending the headers to Microsoft Engineers they stated that sometimes the message will still come through even though the SPF record hard fail flag was enabled in EOP.

    If you are going to call something a hard fail, it should act as if it were a hard fail, blocking the message entirely.

    23 votes
    4 comments  ·  Spam & Phishing

    We highly recommend using DKIM and DMARC in addition to just SPF. That said, this may be best worked via a support ticket so individual messages can be analyzed. As mentioned, it is completely possible that the issue is because of a whitelist or rule.

  12. Make EOP IP Block list Public or Admin Searchable

    Sometimes EOP blocks some IP addresses, including on-prem server IPs which are communicating through Hybrid or relaying through an Inbound connector. Please make the EOP IP Block list searchable to administrators.

    Right now one has to create a premier ticket to find that out, wasting valuable time of admins and support professionals.

    Implement an alerting mechanism to provide an email alert if any IP address is in our IPAllow and Inbound Connector list and blocked due to whatever reason. Sometimes EOP support guys call in the middle of the night and if you call back, the other EOP support guy has no clue about the…

    23 votes
    0 comments  ·  Spam & Phishing
  13. ATP Safe Links "rich text format"

    ATP Safe Links is not re-writing any URLs if the message is sent in Rich Text Format. This is a giant hole in the security that any malicious sender could exploit to send in links to our users. Same thing happens in HTML messages if you "remove hyperlink" before sending. All tenants using ATP Safe Links should test this, and then vote to get this resolved.

    23 votes
    3 comments  ·  Spam & Phishing
  14. Allow quarantine messages to default to raw open (not html)

    The new quarantine defaults to loading a quarantined message body in HTML. I've had a vigorous discussion with tech support, who told me that those messages have the links disabled, but they DO load images. This will tell spammers that the message has been opened and that the email address is valid. THIS IS NOT OKAY. I like to report spam to SpamCop, but I have to include the (munged) message body, so I am now forced to decide whether to report spam and give away that the email is valid, or not report. Whoever thought this was a good idea…

    22 votes
    0 comments  ·  Spam & Phishing
  15. Allow per mailbox trusted senders and domains to bypass Bulk Mail Filtering

    Bulk Mail Filtering is great for cleaning up inboxes, but we would like to offer our users a self-service method of whitelisting certain trusted senders.

    Currently, Bulk Mail Filtering does not respect the mailbox-level Trusted Senders and Domains lists.

    Doing so would provide an easy to support mechanism for users to safe list bulk mailers that they like.

    22 votes
    0 comments  ·  Spam & Phishing
  16. preview quarantined messages

    We would like users to be able to preview a quarantined email prior to releasing the email. At present, when a user receives the spam notification email they can either Release to Inbox or Report as Not Junk. We would like a third option where the user can view the email with the option to release to inbox.

    22 votes
    0 comments  ·  Spam & Phishing
  17. Delist captcha is too complicated, I've cursed Microsoft 20 times before entering it correctly.

    Delist captcha is too complicated, I've cursed Microsoft 20 times before entering it correctly. And I strongly suspect that you have blocked my mail server for no reason, just because you are not 100% sure that it is not sending spam.

    22 votes
    9 comments  ·  Spam & Phishing
  18. quarantine

    End User Quarantine allows for too much visibility. At the current moment, users are not able to access their Quarantine mail at will from the Office 365 portal. They have to save as a favorite the URL to https://protection.office.com in order to load the Security & Compliance Center. They are allowed to see the User Search field along with DLP, Reports and Service Assurance besides Threat Management in the display pane. End users should only be allowed to view the Threat Management for their quarantine mail access only. There is no need for them to access ISO, HIPAA reports. I've tried…

    22 votes
    1 comment  ·  Spam & Phishing
  19. Spam notification email - exact time of sending

    I suggest extending the configuration capabilities of Spam Notification in Exchange Online Protection and Exchange Online by allowing setting up an exact hour during the day when the spam notifications are sent to users, especially if these are set to daily. Notifications are usually being sent during the night now.

    21 votes
    2 comments  ·  Spam & Phishing
  20. Enhanced Email Phishing Warning Banner Capability

    Currently, you can create a transport rule in Exchange Online that appends a banner to emails. This is commonly used to notify recipients that the email is from an external sender, to warn them it may be a phishing attack if the person is spoofing an internal sender. Tool tips can also be used, but these are not as customizable and don't show in all clients. Please develop a native capability that allows further customizing and a more intelligent warning banner to be inserted into emails. For example, some 3rd party services have the ability to scan a mailbox to…

    21 votes
    0 comments  ·  Spam & Phishing