Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add to Allowed/Block List Option in E-mail Quarantine E-mail

    Add to Allowed/Block List Option in E-mail Quarantine E-mail

    Please add the option to deliver e-mail and add to Allowed Senders List,which would also deliver the e-mail to the user's Inbox. Also, add the option to add e-mail to the Blocked Senders List.
    These options should be added to the daily E-mail Quarantine e-mails for users so they don't have to log on to OWA in order to manage them. Most online spam services, such as Proof Point and McAfee give users this option and I'm not sure why this is not already an option.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Improve Spam (pishing) recognition, multiple senders, bypass spf

    Analyzing several pishing eMails, I found that those eMails base on non rfc compliant eMails, using 2 Sender addresses.

    MAIL FROM: <wicked@spam.com>
    From: Display Name <good@wellknown.com> <wicked@spam.com>
    (no sender field)

    The trick is, to bypass SPF validation.
    It is allowed to have multiple sender adresses, but the using in the example above is not RFC conform. My guess is, that the Spam engine is expecting RFC conform messages.
    I have plenty pishing messages in my inbox, using excact this technique. Non of them is marked as spam. I can not think in any "legal"…

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Disable hyperlink in html emails

    Have a mechanism to restrict opening hyperlinks in email for a period of time for users who fail phishing simulations in both Outlook client and OWA.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Schedule Spam Notification

    1 email sent per day is sent notifying the user they have spam in quarantine.

    it could be too late for important emails waiting until the user is notified that they have spam to release.

    I suggest we have an option where we can set the frequency of those notification. This topic has been brought up for 2 years and no change yet.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow custom retention period for quarantined messages that matched a transport rule

    As mentioned in: https://docs.microsoft.com/en-us/office365/securitycompliance/quarantine-faq

    "The retention period for quarantined messages that matched a transport rule is not configurable. "

    As we are using Transport Rules, it would be profitable to be able to set the retention period higher than 7 days, for holiday absences or situations where our users can´t request the release of these mails in time.

    Thank You

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Provide option to purge messages from Search and Investigation GUI

    We often use the Search and Investigation tool in Security and Compliance to find instances of phishing and spam emails that our users have received. As of now, we have to open a PowerShell session to start a purge on the results of these searches. It would be very helpful to have a purge option on the search results pane, so it could be done directly from the GUI.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Customize spam policy and save spams into the preferred folders

    I would like you to implement a feature that can save spam e-mails identified based on the spam filter policy into certain folders that we create, the Spam, High confidence spam, Phishing email, High confidence phishing e-mail and Bulk email folders.

    Furthermore, I would like to customize the spam policy based on our preference. For example, if the mail is quarantined, it would be filtered and saved into Quarantine, or if the mail is identified as Junk, it goes to Junk folder as we specified.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Increase max purge limit per mailbox

    I often encounter issue where I need to purge phishing or spam emails from user's mailbox. Sometimes, I need to purge more than 10 emails per mailbox.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. Threat Explorer: Allow Searching for URLs

    Allow searching for URLs from ATP SafeLinks in Threat Explorer.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  10. Bulk Complaint Level - Reputation Resolution

    There is currently no process by which a third party emailer can work with Microsoft on their BCL (Bulk Complaint Level - https://technet.microsoft.com/en-us/library/dn759623(v=exchg.150).aspx) score. Per our company policy we are not permitted to whitelist anything and if a vendor is running in to a high BCL (getting blocked), we require them to work with Microsoft on their score. This is a very painful process as they may not have a TAM with Microsoft, we're told half the time that we can't open tickets on it, and they other half they'll reset the reputation for us. I'd like a clear…

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Track all URL clicks in ATP (Blocked or Not)

    Currently, ATP SafeLinks only logs clicked URLs once they've been blocked. We have no way of tracking users that clicked Blocked URLs that ATP previously considered safe.

    Please track ALL url clicks regardless of their disposition and make this available via the Get-URLTrace powershell command.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. ATP anti-phishing Policy - Request for Another Action

    In the "ATP anti-phishing" policy for "Action > User impersonation" and "Action > Domain impersonation" would like another action option to "Prepend the subject with _____", so email is delivered but it is it has a warning. We currently do this with Exchange Transport rules for Anti-Phishing Protection so our users are use to it. We would like to continue using this strategy, which has been very effective for us.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow DKIM Setup with TXT DNS Records (see RFC-6376, RFC-4871)

    Currently it is only possible to Setup DKIM with CNAME records, but many ISPs around the globe don't support CNAME records with the "_" character in it. This might be wrong by RFC and is an issue.
    Nevertheless it is also wrong to bind setting up DKIM with only CNAME records.
    The mentioned RFCs suggest the usage of TXT records and so should Exchange Online also allow to use TXT records.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow for Name Variations in Anti-Phishing Policy

    Currently the anti-phishing spoofing and impersonation protections do not appear to take into account any name variations for users in the protected list. For example, if Joe Blo is in the protected list, an email sent from Joseph F. Blo will not be flagged with safety tip or be subject to other protective actions.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Warning for email Sent / Received to recently created domains

    This is to provide protection against phishing attacks that impersonate another business by using similar domain names. If the whois database indicates a domain is very recently registered add a prominent warning that the domain is new and may be attempting to impersonate an established business.

    The duration in which a domain is considered 'New' should match the expected time for a business using brand protection services to be able to identify and take action against an impersonating domain.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Check if Hacker Downloaded a Copy of the Email

    It would be best if there is a tool that will allow admins to check if hackers has downloaded a copy of the emails.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow admins to mark false negative messages as spam and submit to abuse@messaging.microsoft.com from Exchange portal

    Ideally it would integrate with message tracking. Search for specified criteria, mark selected messages as junk, move them to the user's junk mail folder, and submit a copy of the message to abuse@messaging.microsoft.com.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  18. Advanced Threat Protection (ATP) - URLs that point to a downloadable object like a PDF or application file need to be sacned by Safe Link

    An attachment with links (like PDF or Word file or Power Point file) should be filtered both way (safe attachments and safe links).

    Emails with these types of attachment are much vulnerable with spoofing links.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add OCR scanning capability to ATP

    Add OCR scanning capability to ATP so phishing messages containing only inline or attached images can be properly blocked. Actors are using this method to get around threat detection and transport rules in O365 by using inline images containing the body of the ransom message rather than using text.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Provide ability to change hosted quarantine retention period

    Provide ability to change retention period of items placed in hosted quarantine (fixed at 7 days - really 6 days in practice).

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base