Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Common Attachment Types Filter mis-identifying the contents of .zip files as .jar

    The new Common Attachment Types Filter is a welcome addition to the anti-malware arsenal. The default configuration is supposed to block .jar files and allows .zip files. However, since they use the same encryption type, it misidentifies all .zip files as .jar files and blocks the message. Please add additional logic to distinguish between the two types, and allow .zip files that do not contain prohibited file types.
    (I submitted this as a bug to support, but they said it's Working As Designed, and suggested posting it to Uservoice.)

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  2. Exchange Online Advanced Threat Protection Should Be Included

    Exchange Online Protection is a joke and does little to nothing to protect end users from malware infected files. MS touts Exchange Online as secure, but really it's not -- unless you pay more on top of what you're already paying for supposed security.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add visual indicator that malicious file blocked in "Shared with me/Shared by me"

    When Office 365 ATP for SharePoint, OneDrive, and Microsoft Teams is enabled, visual indicators that a file is blocked are present only in the Modern experience, however, these indicators do not surface in Shared with Me/Shared by Me. It would be useful to have these indicators appear in Shared with Me/Shared by Me to easily identify blocked files and for consistency across the Modern experience

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  4. I want to be able to change the language of notification mail when detecting malware

    We recognize that the language of notification mail when detecting malware is only English and Japanese
    I want to be able to change the language of notification mail from English to Japanese

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  5. Be able to disable EOP if we use a front end like Mimecast

    Microsoft deletes emails that they deem malware. You do not have any say if it is truly malware. It gets deleted. Our email gets scanned by Mimecast which does a better job than Microsoft can ever dream of. The email deemed malware by Microsoft was a word document. I pulled it from Mimecast's archive and it did have a macro in it. It was not malware. To delete all emails that have macros? Why can;t we can add a IP address to white list and all emails from the front end will be white-listed and sent untouched.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  6. Put attachment removal notice at top of email body - rather than the text file replacement

    When Safe Attachments detects & removes an attachment from an email, it puts information inside a text file replacement attachment. However, we train users not to open unexpected attachments - especially ones that are named with the word "malware".

    Can the information about the attachment being removed due to malware be inserted at the top of the body of the email (instead or in addition to the text file)?

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  7. Implement A Proper Quarantine Mailbox for Advanced Threat Protection's Safe Attachments

    We're seeing tons of mail get caught by the Safe Attachments feature in ATP and the experience is horrible. The only way to monitor blocked attachments right now is to hope that the user notifies you that their email is missing an attachment or utilize the "feature" that allows you to copy all blocked attachments to another mailbox. Usually I check that and it turns out to be a false positive, but guess what, I can't forward it on to my user because it'll block it again. Recipient-based filtering is a terrible option and the whitelisting capabilities are another sore…

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add a definition to Transport Rules to identify if e-mails have been scanned successfully or not

    Currently it isn’t possible to create a rule to identify e-mails that have not been scanned for viruses or malware and regarded as safe. For example, e-mails that contain password protected files can’t be checked for viruses or malware by EOP (limited ability in ATP) and will fail-open. I expect EOP / ATP have offer limitations around folder depth, scan time and possibly size.

    We have seen many attempts at spear phishing and malware delivery using password protected files in recent months. We would like to have the ability to create a transport rule that quarantines any files that can’t…

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  9. Exchange Advanced Threat Protection Timeouts

    We're getting timeouts based on, well, I'm not sure what is causing some of them. One thing that has been known to cause them is attaching a file without a file extension. We have a perfectly safe .pdf that we forwarded through (after removing the .pdf) extension and it blocked the file after the scanner timed out. This doesn't seem like the best way to handle the situation. I know I can allow all "time-out" attachments through ATP by checking a box, but that seems like a bad option. Probably the best way to handle this is for the scanner…

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  10. list the email that triggered the potentially malicious url click detected

    The Alert that is created for "A ptentially malicious URL click was detected" doesn't list where the URL was located. Please add the sender and subject line for the email that contained the URL to make it easier to find these emails.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add functionality of native link rendering to Outlook MSI Build

    Beginning in October 2018 my organization was please to hear the the extremely long Safe Links URLS are no longer being re-written in Outlook. Once I noticed it was working in OWA I contacted MicroSoft only to be told this is only for the Click2Run version of Outlook. My company has 1000's of users with MSO build already installed.

    Please bring this feature to ALL versions of ProPlus in the near future!

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  12. block only html attachment - not html email

    If you add .html as file type to the malware filter, also many html emails are blocked (not only html attachments).

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add additional Malware Detection Response action

    Malware Detection Response actions are very limited. Would like to see a quarantine action added and the ability to submit the ones that are false-positives to Microsoft's Malware Protection Center.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  14. Need a way to determine which messages failed ZAP

    There is an alert which states 'Malware auto purge failed due to user configuration' for users which have disabled junk mail. It list the users but I would like a way to pivot from this alert to see the specific messages for which ZAP failed.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  15. Advanced Threat Protection (ATP) - Allow to create custom malware alert notifications

    We need send a customized notification email message to senders or administrators when a malware was detected by Safe Attachments.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  16. Provide file hash as a part of file operation event logs

    When a file operation occurs in O365, access, create, modify, delete, download, as part of the event log, include a file hash.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add OSX file types to Common Attachment Filters Types

    The current file types that can be blocked through the Common Attachment Types filter are Windows-specific.

    Please add Mac OSX specific file types such as .dmg, .sh and .command to the file type list.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  18. Connect Advanced Threat Protection Positive Findings to Report into the Microsoft Malware Protection Center

    We have been reporting in the findings of Advanced Threat Protection into the Microsoft Malware Protection Center. In the vast majority of cases so far, our reports are leading to definition updates. This should be automatic or companies should be able to opt-in so that the detections on Advanced Threat Protection feed into existing Microsoft malware research teams / systems.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow individual, group, or institution wide limits on email send maximums.

    We are an educational institution. Our students are notorious fall falling prey to Phishing emails. We need to set a limit (low, ex: 100) on emails sent per day. Ideally, the administrator would be alerted to this and be able to contact the student to change the password.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  20. O365 Attack tool Safe Ransomware simulation

    Hello all,

    With all the recent Ransomware attacks going on I was thinking about some way of simulating such an attack but as far as I know there is none.

    If you could add a Ransomware simulation to the O365 attack tool it would be very useful in preparing for an actual attack.
    Potentially ATP can be leveraged or the built-in folder/file password protection in Windows 10.

    Thank you.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base