Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Provide file hash as a part of file operation event logs

    When a file operation occurs in O365, access, create, modify, delete, download, as part of the event log, include a file hash.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  2. Please create a PowerShell cmdlet to schedule when exporting malware of Real-time detections

    I would like you to create a PowerShell cmdlet to schedule when exporting malware of Real-time detections.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  3. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  4. White list feature to avoid Legitimate Files with macros being blocked as Malware

    Advance Threat Protection or Edge Servers or which ever server is scanning and detecting the legitimate files as malware, should have file level white list feature in the admin portal. So that , false positive can be avoided.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  5. block only html attachment - not html email

    If you add .html as file type to the malware filter, also many html emails are blocked (not only html attachments).

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add "ClickProtect" to protect against malicious links within email

    My previous filter provider had ClickProtect and I worked VERY WELL. Here's a description:
    ClickProtect leverages GTI® Web Reputation to safeguard against web addresses that link to malware and phishing sites. Each web address is evaluated when the message is scanned in the cloud ("scan-time") and later, when the user clicks on the web address ("click-time").

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  7. ATP Apply to Mailbox Types

    Allow options to apply ATP policies based on mailbox types (ie. apply policy to all USER mailboxes, or all SHARED mailboxes, etc.)

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  8. malware

    Bypass Malware Filter

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  9. Connect my EOP account to the malware submissions.

    The issue that we are having is to when we need to submit a file\email for review on the Malware site, we are required to sign in to check on the status. Our EOP account is not recognized to sign in. When we select to create a new account, and use the same email address, we get error that the address is already in use. We are a company and need to be able to have our EOP account linked to the Malware site since they both are needed to combat the malware issue.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  10. MCAS support for other endpoint protection software

    It would be nice if MCAS integrated with other endpoint protection software rather than having to go with Windows Defender ATP

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow downloading malicious attachments in a password protected archive

    When attachments are detected as malware, upon downloading from O365 Security&Compliance for further investigation Defender immediately recognizes malware and deletes files. To allow further manual investigation or submission to e.g. sandbox there should be option to download (malicious) attachments in form of password protected archive. Something similar is already available in MS Defender ATP.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  12. Is there any virus scan being run?

    Can you scan incoming emails for attachments containing malware? When we used Websense, they scan and blocked them all. With Microsoft "security" they are flying in like a knife through tissue and into my user's mailbox.

    MS tech support has me block the sender's ip address after the email has flooded the office, but the blatant stupidity of such a solution needs no further discussion.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  13. 2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  14. Exchange Online Advanced Threat Protection - Excess of Timeouts

    We have recently suffered several bouts of emails simply timing out through Exchange Online Advanced Threat Protection. This has taken place during a pilot for the system in our organisation and has not instilled us with confidence to use it. When dealing with Microsoft Support we have been informed that other tenancies/customers were experiencing the same problem and that Product Engineering had investigated and the problem was resolved only for the problem to reoccur a few days later with the same response.
    There is no System Health Status in the O365 Portal for ATP, can this be added so that…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  15. Can you give your opinion to baseStriker Attack?

    I have beed asked by the Security department related the following Topic described in the links below:

    https://www.avanan.com/resources/basestriker-vulnerability-office-365
    https://thehackernews.com/2018/05/microsoft-safelinks-phishing.html
    https://securityaffairs.co/wordpress/72279/hacking/basestriker-attack-technique.html

    Security researchers at cloud security company Avanan have discovered a technique, dubbed baseStriker, used by threat actors in the wild to bypass the Safe Links security feature of Microsoft Office 365.

    The Safe Links feature is designed by Microsoft to protect Office users from malicious codes and phishing attacks, it is part of Microsoft’s Advanced Threat Protection (ATP).

    Beginning in late October 2017, ATP Safe Links protection is being extended to apply to web addresses (URLs) in email as well…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  16. Security / Compliance Center Junk E-mail IP block does not appear in Show Detailed Table

    Security / Compliance Center Junk E-mail IP block does not appear in Show Detailed Table

    セキュリティ/コンプライアンスセンター迷惑メールの IP ブロックが、 [詳細な表の表示] に表示されない

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  17. malware

    Just as there is a bypass for Spam, there should also be a way to bypass Malware detection. We are fighting an issue where an HR document that is sent to new hires as a .docm is being stripped from the communication. There should be a way to continue to block .docm files but exclude scans of filenames you know and trust. Thanks

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  18. Advanced Threat Protection - failed to scan for hyperlink inside an email attachment.

    There is an email attachment inside the incoming email. The email attachment contains a link that points to the phishing web site. The same link can be identified as phishing in Edge or Google Chrome. I forward the same email to gmail and it can be successfully filtered. The ATP of the Office 365 needs to be strengthened.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  19. A virus has still managed to enter our Exchange Hybrid Server via EOP.

    Virus/Malware: TSPY_FAREIT.SMBD
    Endpoint: ExchangeServer1
    Domain: Servers\
    File: C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp\UnifiedContent\992110b6-f5f6-44d2-ad0b-da61c456cec0 (PaymentcopyInvoice000867423.exe)
    Date/Time: 18/09/2017 09:46:52
    Result: Virus successfully detected, cannot perform the Quarantine action (Please see scan result of infected file: 992110b6-f5f6-44d2-ad0b-da61c456cec0)

    Could we include these virus types into EOP detection list

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  20. found Potential security gap in EOP, Restricted file types gets bypass malware filtering when inserted inside word doc

    Restricted file types gets bypass malware filtering when inserted inside word doc, what is the solution?
    .dll file inserted into word doc is getting bypassed without getting quarantined, however on premise
    Symantec mail security is able to quarantine such scenarios.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base