Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. malware

    Bypass Malware Filter

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  2. Connect my EOP account to the malware submissions.

    The issue that we are having is to when we need to submit a file\email for review on the Malware site, we are required to sign in to check on the status. Our EOP account is not recognized to sign in. When we select to create a new account, and use the same email address, we get error that the address is already in use. We are a company and need to be able to have our EOP account linked to the Malware site since they both are needed to combat the malware issue.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  3. MCAS support for other endpoint protection software

    It would be nice if MCAS integrated with other endpoint protection software rather than having to go with Windows Defender ATP

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add option to remove local file links with Safe Links

    It is still possible to send an email with a link that will launch local executables on the host system, has been for years. Ex. "file:///C:\Program Files (x86)\Google\Chrome\Application\chrome.exe". But it could be worse obviously. Safe Links has the ability to block URLs but no option to remove that category of links from emails. I need an option to remove file:///, therefore removing the ability to do so.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow downloading malicious attachments in a password protected archive

    When attachments are detected as malware, upon downloading from O365 Security&Compliance for further investigation Defender immediately recognizes malware and deletes files. To allow further manual investigation or submission to e.g. sandbox there should be option to download (malicious) attachments in form of password protected archive. Something similar is already available in MS Defender ATP.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  6. Is there any virus scan being run?

    Can you scan incoming emails for attachments containing malware? When we used Websense, they scan and blocked them all. With Microsoft "security" they are flying in like a knife through tissue and into my user's mailbox.

    MS tech support has me block the sender's ip address after the email has flooded the office, but the blatant stupidity of such a solution needs no further discussion.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  7. 2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  8. Exchange Online Advanced Threat Protection - Excess of Timeouts

    We have recently suffered several bouts of emails simply timing out through Exchange Online Advanced Threat Protection. This has taken place during a pilot for the system in our organisation and has not instilled us with confidence to use it. When dealing with Microsoft Support we have been informed that other tenancies/customers were experiencing the same problem and that Product Engineering had investigated and the problem was resolved only for the problem to reoccur a few days later with the same response.
    There is no System Health Status in the O365 Portal for ATP, can this be added so that…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  9. Can you give your opinion to baseStriker Attack?

    I have beed asked by the Security department related the following Topic described in the links below:

    https://www.avanan.com/resources/basestriker-vulnerability-office-365
    https://thehackernews.com/2018/05/microsoft-safelinks-phishing.html
    https://securityaffairs.co/wordpress/72279/hacking/basestriker-attack-technique.html

    Security researchers at cloud security company Avanan have discovered a technique, dubbed baseStriker, used by threat actors in the wild to bypass the Safe Links security feature of Microsoft Office 365.

    The Safe Links feature is designed by Microsoft to protect Office users from malicious codes and phishing attacks, it is part of Microsoft’s Advanced Threat Protection (ATP).

    Beginning in late October 2017, ATP Safe Links protection is being extended to apply to web addresses (URLs) in email as well…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  10. Security / Compliance Center Junk E-mail IP block does not appear in Show Detailed Table

    Security / Compliance Center Junk E-mail IP block does not appear in Show Detailed Table

    セキュリティ/コンプライアンスセンター迷惑メールの IP ブロックが、 [詳細な表の表示] に表示されない

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  11. Advanced Threat Protection - failed to scan for hyperlink inside an email attachment.

    There is an email attachment inside the incoming email. The email attachment contains a link that points to the phishing web site. The same link can be identified as phishing in Edge or Google Chrome. I forward the same email to gmail and it can be successfully filtered. The ATP of the Office 365 needs to be strengthened.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  12. A virus has still managed to enter our Exchange Hybrid Server via EOP.

    Virus/Malware: TSPY_FAREIT.SMBD
    Endpoint: ExchangeServer1
    Domain: Servers\
    File: C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Temp\UnifiedContent\992110b6-f5f6-44d2-ad0b-da61c456cec0 (PaymentcopyInvoice000867423.exe)
    Date/Time: 18/09/2017 09:46:52
    Result: Virus successfully detected, cannot perform the Quarantine action (Please see scan result of infected file: 992110b6-f5f6-44d2-ad0b-da61c456cec0)

    Could we include these virus types into EOP detection list

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  13. found Potential security gap in EOP, Restricted file types gets bypass malware filtering when inserted inside word doc

    Restricted file types gets bypass malware filtering when inserted inside word doc, what is the solution?
    .dll file inserted into word doc is getting bypassed without getting quarantined, however on premise
    Symantec mail security is able to quarantine such scenarios.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  14. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  15. Shut this thing down!

    Shut this thing down!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  16. Notifications for Submission results in Security and Compliance Center

    Currently once a report has been submitted through the "Submissions" section of the "Threat Management" category inside the Security and Compliance Center, the only method of finding out when a submission rescan has completed is by going into the portal and checking for its status manually. Sometimes scans can take more than a day to complete, it would prove useful to have some kind of notifications for scan completion.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  17. I ran a malware test from https://www.emailsecuritycheck.net and Outlook 365 failed every test.

    I ran a malware test from https://www.emailsecuritycheck.net and Outlook 365 failed every test. My suggestion is to perhaps check for malware?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  18. Extensions

    The Anti-Malware Policy should allow me to manually input file extensions that should be considered malware. I should not have to pick from a list provided by Microsoft (this is already an option with Exchange Transport Rules)

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  19. how can we re move email addreases targeted in phishing

    how can we re move email addreases targeted in phishing

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  20. this is blocking tons of legitimate sites, like my local newspaper and offers no way to release a message.

    this product is letting tons of spam into my email but blocks many legitimate sites and is driving me crazy. I can't do my work.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base