Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  1. Getting malware notifications for the emails sent from external users however option to receive notifications for external users not checked

    Getting malware notifications for the emails sent from external users however the option to receive notifications for external users is not checked

    4 votes
    1 comment  ·  Malware
  2. Extend mailflow rules options add action : forward original e-mail content to recipient, but with stripped attachments

    This is something that most anti-spam/virus security systems allow, but I cannot find a way to do this in exchange online.

    For example, by default I do not trust any zips, nor the scanning of them. But 5% of zips are valid ones.

    For the moment I can only send all ZIPs to quarantine and inform the recipient with a second command that they received "some kind of mail with a zip from someone".

    This is too vague, I would rather the system would still send a copy of the original mail content to the recipient, but strip the zip…

    4 votes
    0 comments  ·  Malware
  3. Problem creating a malware filter in the Exchange Admin Center

    For several weeks we have been receiving, in several mailboxes, messages that include an attachment of type "IMG" (disk images), which in turn contains executable files. When the user opens the attachment, Windows 10 mounts the image (creates a disk drive on the computer) and shows the contents, which, when opened, infect the computer and start a series of tasks typical of malware cases.
    Days after these incoming messages began, we found that messages were being sent in bulk through one of the receiving accounts…

    4 votes
    0 comments  ·  Malware
  4. Please show the malware name or type of malware in "View quarantined"

    Under Threat Management -> Review -> Quarantine, in the message details, Quarantine reason should not just put Malware but also malware name or type.

    Or have summarised details of the malware or a link to the details.

    4 votes
    0 comments  ·  Malware
  5. Please create a PowerShell cmdlet to schedule when exporting malware of Real-time detections

    I would like you to create a PowerShell cmdlet to schedule when exporting malware of Real-time detections.

    4 votes
    0 comments  ·  Malware
  6. 3 votes
    0 comments  ·  Malware
  7. Quarantined files on Classic OneDrive, Sharepoint cannot be downloaded and can be shared, moved or copied

    We can't download quarantined files on Classic OneDrive, Sharepoint, but we can share, move and copy.

    We have an organization that allows the file to be downloaded.

    https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/turn-on-atp-for-spo-odb-and-teams?view=o365-worldwide

    Setting the parameter to false blocks all actions except Delete and Download. People can choose to accept the risk and download a detected file

    We also believe that quarantined files cannot be shared, moved or copied.

    Is it possible to modify the function?

    3 votes
    0 comments  ·  Malware
  8. Populate MetaData for files in Quarantine from Emails

    Currently in the files section of the Quarantine section in threat management, the metadata is missing from files found in Emails. The metadata only gets populated once files are found from SharePoint, OneDrive and Teams. Either populate all metadata for all files or separate the Files section into Email and Other services.

    3 votes
    0 comments  ·  Malware
  9. EOP - Malware Policy - Add 'Sender/Sender Domain' exclusion/inclusion

    EOP's malware policy allows excluding recipients/recipient domains, but doesn't extend this feature for Sender/Sender Domain. As an example, we have a legitimate sender that sends us '.DOCM' files, however the Malware Policy quarantines it. My workaround is to remove the .DOCM extension from the Malware Policy and instead use an Exchange Mail Flow Rule to only allow that extension from specific senders. It's a workaround, not a solution.

    3 votes
    0 comments  ·  Malware
  10. White list feature to avoid Legitimate Files with macros being blocked as Malware

    Advanced Threat Protection or Edge Servers, or whichever server is scanning and detecting the legitimate files as malware, should have a file-level whitelist feature in the admin portal, so that false positives can be avoided.

    3 votes
    0 comments  ·  Malware
  11. work on it

    improve it

    3 votes
    0 comments  ·  Malware
  12. Desperate for help... ATP classified our domain as malicious by mistake and that's destroying our company

    Since Saturday, every time anyone with Microsoft ATP enabled clicks on a link from our domain, safe links blocks it and tells them that our site is malicious (which it's not).

    Our domain is marked as safe on all the other security providers we've found. Only Microsoft Advanced Threat Protection is blocking it.

    There has to be a way for Microsoft to fix the issue on their block domain list inside ATP (safelinks).

    With so many Office 365 users in B2B, blocking and pointing a safe company's domain as malicious by mistake causes a really big problem for that company…

    3 votes
    0 comments  ·  Malware
  13. Add "ClickProtect" to protect against malicious links within email

    My previous filter provider had ClickProtect and it worked VERY WELL. Here's a description:
    ClickProtect leverages GTI® Web Reputation to safeguard against web addresses that link to malware and phishing sites. Each web address is evaluated when the message is scanned in the cloud ("scan-time") and later, when the user clicks on the web address ("click-time").

    3 votes
    0 comments  ·  Malware
  14. Option to disable common attachment types filter for internal mail only

    Today you can define common attachment types that will treat certain file types as malware. There should be an option in the malware policy that would ignore this filter for internal mail only, but treat such file types as usual for incoming external mail.

    As an example, ATP Safe Links have an option to ignore the mechanism for internal mail and so should the attachment filter.

    3 votes
    0 comments  ·  Malware
  15. Unable to download quarantined files on Teams

    We are unable to download files quarantined by O365ATP on Teams.

    We have an organization that allows the file to be downloaded.

    https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/turn-on-atp-for-spo-odb-and-teams?view=o365-worldwide

    Setting the parameter to false blocks all actions except Delete and Download. People can choose to accept the risk and download a detected file

    Is it possible to modify the function?

    3 votes
    0 comments  ·  Malware
  16. ATP Apply to Mailbox Types

    Allow options to apply ATP policies based on mailbox types (ie. apply policy to all USER mailboxes, or all SHARED mailboxes, etc.)

    3 votes
    0 comments  ·  Malware
  17. 3 votes
    1 comment  ·  Malware
  18. Automate sender blacklisting of spam/malware emails

    In automated investigation and response (AIR), make it possible to actually automate tasks. Not just delete bulk email clusters. Give an option to add the sender of any spam/malware to the malware filter in exchange admin center. Or add the blacklisting of the sender to the remediation capabilities.
    AIR doesn't automate anything besides investigations at this point. It just groups it in a new dashboard for someone to still go in and manually delete. Let the process be zero touch automation, and give us an option to add the sender to blocked lists.

    3 votes
    0 comments  ·  Malware
  19. malware

    Bypass Malware Filter

    3 votes
    1 comment  ·  Malware
  20. Connect my EOP account to the malware submissions.

    The issue that we are having is that when we need to submit a file/email for review on the Malware site, we are required to sign in to check on the status. Our EOP account is not recognized to sign in. When we select to create a new account, and use the same email address, we get an error that the address is already in use. We are a company and need to be able to have our EOP account linked to the Malware site since they both are needed to combat the malware issue.

    3 votes
    1 comment  ·  Malware