Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Advanced Threat Protection (ATP) Whilelist - add wildcard support and/or extend the 320 character limit

    Advanced Threat Protection (ATP) Safe Links whitelist currently has a 320 character limit, and does not allow wildecards.

    Please either turn on wildcards for the urls or expand the 320 character limit to something much larger.

    189 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
    • Admin Notifications for Zero Hour Auto Purge (ZAP) actions.

      Need to have notification to Admins when ZAP takes an action on email.
      1) Need to know what was found and deleted
      2) Even more importantly, need to know what was found and WAS NOT deleted since it had already been read.

      166 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        5 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
      • safelinks whitelist domain with wildcard

        Safelinks currently requires you enter each url you'd like to allow through. I'd like to have safelinks allow a wildcard domain. for instance we get many emails from our own systems pointing to internal urls. sometimes those emails get distorted because the url's are listed in plain text and replaced with the safelink.

        I'd like to allow wildcard https://*.mydomain.com/* to allow domains such as web.mydomain.com/page and test.mydomain.com/stuff to go through with by making one simple rule vs theoretically hundreds.

        93 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
        • Block Office Files with Macro's

          We are getting numerous malware attacks with zero hour Office files containing malicious Macro's, these are often blocked within 60-90 minutes but some are still being received by users. The signature is changing regularly so they aren't picked up by your scanners despite the original virus being around 12 months old.

          We do educate the users not to open them and Macro's are disabled, but blocking the content at the gateway would be better.

          Some of this functionality was available in Forefront for Exchange.

          78 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            4 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
          • Advanced Threat Protection (ATP) - Allow to create custom malware alert notifications

            We need send a customized notification email message to recipients or administrators when a malware was detected by Safe Attachments.

            60 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
            • Add recipient (TO:) on Malware notifications

              ΦSteps to reproduce
              ~Step 1:Set Notification when Malware is detected~
              1. In the Exchange admin center (EAC), navigate to Protection > Malware filter.
              2. Select the Default policy > Click the edit icon
              3. Click the Settings menu option. In the Administrator Notifications section, select the check boxes to Notify administrator about undelivered messages from internal senders and to Notify administrator about undelivered messages from external senders. Specify the email address.
              4. Click Save.

              ~ Step 2:Send a Malware mail~
              Access https://www.andymillar.co.uk/blog/2007/12/06/testing-your-email-virus-scanner-with-eicar/ and enter email into the box. Click Email Me EICAR!

              ~ Step 3:Admin receives the Malware notification as…

              56 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
              • Create a web form to submit malicious links for ATP SafeLinks

                Allow users to submit links for known malicious sites that can be flagged as such by ATP SafeLinks.

                After a recent phishing message that included a malicious link that was not flagged as such by SafeLinks, I opened a Premier case and sent the link, and Premier sent it on to engineering. A couple hours later it was blocked by Safe Links.

                There has to be a faster/more direct way to get malicious URLs blocked by SafeLinks!

                56 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  thinking about it  ·  0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                • Advanced Threat Protection - SafeLinks - Create Submission Mechanism for False Positive Malicious Domains

                  Advanced Threat Protection - SafeLinks - Create Submission Mechanism for False Positive Malicious Domains

                  This idea would create a feedback / reporting mechanism for domains incorrectly tagged as malicious by the SafeLinks feature. We had an example of a partner domain that was tagged as malicious, had zero malware / good reputation / etc. (confirmed by Microsoft Support), and had no way to feed that information back into Microsoft for a review of the malicious domain list so it could be removed. Similar feedback mechanisms exist for false positive Spam and virus detections - URLs deserve the same treatment.

                  45 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    3 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                  • Return ZAP false postives to where they were foldered rather than Inbox

                    When ZAP classifies a message it is moved to the junk folder. When false positives happen, these message are moved to the Inbox rather than the location it originally was before ZAP moved it to the Junk folder. This is very confusing for end-users because messages reappear in the Inbox after they have processed them (Accepted meeting invites [Deleted Items], Custom folders, etc). If ZAP, puts them back where it found them, this could be a seamless event for most end-users as it would go unnoticed (Foldered -> Junk -> Foldered; rather than Foldered -> Junk -> Inbox).

                    37 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                    • Whitelist domains for Advanced Threat Protection

                      ATP needs a method for whitelisting domains because it can take a month or more for a false positive to get categorized and updated in ATP rulesets.

                      You need to either give us a way to whitelist domains (so we can continue sending and receiving attachments), or you need to update definitions faster. I'm guessing adding whitelisting will be easier and more reliable.

                      27 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                      • Improve classification of "internal senders" in malware scanning

                        I like that I can enable "Notify administrator about undelivered messages from internal senders" in the malware policy.

                        I don't like that the malware detection engine has no idea if a sender is actually internal. It does simple domain-matching, which means that if someone is sending out malware and spoofing the sender address to pretend that it's from us, then I get notifications for days. Can't it at least do an SPF check?

                        24 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          6 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                        • XLSM file being flagged as Malware

                          Prior to last week, we were able to send XLSM files within our organization without issue. Now xlsm files, not all, are being flagged as malware. I had a case open with Microsoft Support who had me change the file to an xlsx, which works but disabled the Macro's. We send this to people who may not be so tech saavy to rename files, and Executives in our organization.

                          I would like to know why suddenly the file was blocked, why its being flagged as malware, and what we can do moving forward to prevent this. The data in the…

                          23 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            4 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                          • Allow the option to forward emails caught my malware filter to quarantine for review. Allow the option to include the original attachment

                            Title says it all. Allow us to redirect emails flagged by malware filter to the quarantine for review, and allow us to review the original email, including attachments.

                            21 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                            • Common Attachment Types Filter

                              It should be possible to make a dedicate Notification message for Common Attachment Types Filter. Now you can only use Notification Alert from Malware Detection Response feature. Now filtered file type send Notification Alert that Malware detected which is not the case. But file type blocked because our policy.

                              18 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                              • Common Attachment Types Filter mis-identifying the contents of .zip files as .jar

                                The new Common Attachment Types Filter is a welcome addition to the anti-malware arsenal. The default configuration is supposed to block .jar files and allows .zip files. However, since they use the same encryption type, it misidentifies all .zip files as .jar files and blocks the message. Please add additional logic to distinguish between the two types, and allow .zip files that do not contain prohibited file types.
                                (I submitted this as a bug to support, but they said it's Working As Designed, and suggested posting it to Uservoice.)

                                15 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                                • Exchange Online Advanced Threat Protection Should Be Included

                                  Exchange Online Protection is a joke and does little to nothing to protect end users from malware infected files. MS touts Exchange Online as secure, but really it's not -- unless you pay more on top of what you're already paying for supposed security.

                                  12 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Fix blocking of non-Java archives containing META-INF subdirectory

                                    .MUSX files, created by the Finale music notation application, contain a subdirectory named META-INF. From time to time, the Office 365 Exchange malware filter blocks them, falsely identifying them as .JAR files, which they aren't.

                                    11 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      4 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Implement A Proper Quarantine Mailbox for Advanced Threat Protection's Safe Attachments

                                      We're seeing tons of mail get caught by the Safe Attachments feature in ATP and the experience is horrible. The only way to monitor blocked attachments right now is to hope that the user notifies you that their email is missing an attachment or utilize the "feature" that allows you to copy all blocked attachments to another mailbox. Usually I check that and it turns out to be a false positive, but guess what, I can't forward it on to my user because it'll block it again. Recipient-based filtering is a terrible option and the whitelisting capabilities are another sore…

                                      10 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        3 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Allow administrators to control outbound throttle to control outbreak

                                        During an outbreak, a machine may harvest a user's global address list and then send emails to a large amount of recipients. Would like EOP outbound filters to dynamically throttle when this behavior occurs, otherwise provide administrators insight into when this occurs, or the ability to create a lower message rate throttle than out of box defaults as a preventative measure.

                                        10 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Exchange Advanced Threat Protection Timeouts

                                          We're getting timeouts based on, well, I'm not sure what is causing some of them. One thing that has been known to cause them is attaching a file without a file extension. We have a perfectly safe .pdf that we forwarded through (after removing the .pdf) extension and it blocked the file after the scanner timed out. This doesn't seem like the best way to handle the situation. I know I can allow all "time-out" attachments through ATP by checking a box, but that seems like a bad option. Probably the best way to handle this is for the scanner…

                                          9 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3
                                          • Don't see your idea?

                                          Feedback and Knowledge Base