Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow DLP rule exception for encrypted outbounds

    DLP rules do not allow an exception of the predicate "MessageTypeMatches" with the notify sender action. Doing so results in the error:
    One of the conditions you specified can't be used for rules where you want to notify the sender. Error details: The NotifySender action isn't compatible with 'MessageTypeMatches' predicate.
    I would like to trigger a rule on outbound matches unless the message is encrypted in order to enforce our internal policy compliance.

    340 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    15 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  2. DLP needs to be able to read OCR

    At the present time DLP is not able to read OCR documents, namely documents scanned to PDF. This is a GIANT, GAPING hole in terms of security. I have clients who have 100's of thousands of documents that contain sensitive information saved in OneDrive but no DLP policies can be applied to these documents, since DLP is not OCR aware. Please correct ASAP! Thanks!

    290 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  3. Enable Transport Rule action for Distribution Group

    In Exchange Online or EOP, We cannot create a transport rule with the action set to Distribution Group.

    It errors as follows :

    The transport rule can't be created because group@domain.com, the recipient to be added by a rule action, is a distribution group. Transport rules can't add distribution groups to messages. To resolve this error, remove this recipient and specify a different one.

    Since there are workarounds to resolve, Can this be fixed directly without any error.

    227 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  4. Ability to add company logo images globally to all user signatures

    The ability to add a company logo or image to a signature as an admin globally for all users would be nice. Currently the suggested solution to append a disclaimer isn't ideal as it always posts the image to the very bottom of the email, not the signature. This doesn't work for a back and forth conversation thread since it starts stacking the image at the bottom.

    191 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add centralized company signature with mail flow rule (in a new/reply/forward email)

    I think is a good idea to add company email signature at the end of the email with the mail flow rule.
    At the moment this thing is possible but when I reply or I forward an email, my signature appear at the end of all email not at the end of my message,

    114 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow labels to be used in DLP policies

    Recently classification labels were introduced in the Security & Compliance Center to help with retention of certain types of data classifications.

    We also have Azure Information Protection sensitivity labels (personal, public, internal, confidential, secret).

    DLP sensitive information types are good, but it would be even better if we could simply label groups of data as sensitive and apply DLP vs. trying to determine they are sensitive via the DLP sensitive information types. This would remove the complexity of trying to create custom sensitive information types when the out of the box types don't meet your needs.

    111 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  7. DLP workflow

    DLP workflow - currently there is effectively no DLP workflow. You can block emails from leaving by implementing a DLP policy, but you cannot create a workflow where items violating DLP are routed to a DLP admin team who review it, and can then take further action (review, release, escalate etc). This is pretty bread and butter stuff, and we have had to abandon using 365 DLP (we are using Mailguard for this instead) because it simply can't do what we and our customers need. DLP is not a simple "yes / no" - we've received hundreds of false positives…

    96 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  8. add option to create a transport rule to send an automatic reply/response to a sender emailing a recipient in the organisation.

    need an option to send an automatic reply/response to any sender emailing a specific recipient in the organisation via a transport rule. the option is available in Exchange 2013 so should be possible in Office 365. a rule from the mailbox is not suitable as this will only send the response once to each sender. the mailbox is not monitored so customers should be sent an acknowledgement email to confirm that their email has been received.

    84 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  9. Policy Tip Support for Rules with Sender/Domain Filtering

    Currently, Policy Tip actions are not supported when creating a DLP rule that has sender or domain filtering criteria.

    The error message states "The NotifySender action isn't compatible with 'RecipientDomainIs' predicate."

    We'd like to see this action supported so we can configure our rules based on our business requirements.

    83 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow replies from encrypted email with ome v2 to automatically decrypt

    Adding encryption ome v2 (encrypt-only) to outbound emails with sensitive data detection is easy enough. However when that email is opened by the recipient and replied to, the email comes in encrypted to the sender, who has to go thru the process to decrypt. There is an option in the EOP rule to "Remove Office 365 Message Encryption and right protection" however fails since the predicate must match "The sender is located?" "Inside the organization". This is no problem with ome v1 but is not working with ome v2. Need to add the capability to decrypt those messages automatically.

    73 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  11. Introduce customisation to built in DLP rules (or allow exceptions to existing rules)

    We use DLP on email to assist in our PCI compliance. As an online payments provider, we often provide dummy credit card information to help our customers set up their APIs (typically 4444 3333 2222 1111). Unfortunately, despite this *not* being a valid card number, it triggers Microsoft's built in "Credit Card" definition resulting in 100s of false positives per week. We need to have this hard coded as an exception to the "Credit Card" definition, or, better yet, allow definitions to be customised and/or excluded from via. the Admin portal.

    59 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →

    As stan mentions below, this level of customization is certainly possible. There are many other tweaks you can perform based on your specific requirements. For example, you can only look for multiple cards together, or other identifying information like expiration dates. Please review the documentation and work with support as needed.

  12. Provide watermark capability for sharepoint online libraries

    SharePoint online and One drive for business is positioned to be used for collaboration with 3rd parties . Features like RMS provide the security for collaboration. In addition, I would like to see if Microsoft can provide the ability to watermark documents ( word, ppt, exchange attachments, excel etc) to maintain the integrity of documents that are shared outside the organization. In particular, if a library or folder is slated for sharing , I would like to have the option to enforce preselected watermarks ( for example :user id, corporate, brand or some id) across all pages of the document…

    58 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  13. dlp report

    We need to improve reporting for violations on DLP on exchange. We need to extract a detailed report containing information related to the source of the violation. For example, if the violation comes from exchange email we need source email and destination.

    56 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  14. Exclude email accounts from DLP policies

    We would like to setup a DLP policy to prevent emails being sent containing NI/SSN information, with the option for users to override. However, we use Zendesk for client tickets which, when picked up in the policy, the override is seen by Zendesk as a auto-response and suspends the ticket.

    We tried to exclude email accounts related to Zendesk but it appears the options were only visible because we were setup for First Release content and the ability to exclude emails should not be possible.

    Please could this be added so that specific email accounts can be excluded from the…

    55 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  15. Enable language support for Policy Tips in DLP/Security & Compliance

    Need the possibility to have Policy Tips for DLP rules in multiple languages when created in Office 365 Security & Compliance (as you can do in Exchange Online Admin). The policy tip should match the language you have in Office. Now it's mixed with the static text in the Policy Tip and the custom text you have entered in the rule

    52 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  16. Need DLP templates to catch numbers that don't include keywords

    According to Microsoft and our testing, the DLP templates search for a keyword such as "ssn" or Visa" before looking for an actual number. Our business requires that DLP hunt and find numbers alone that match PII and financial data without keywords. Can we modify templates to do this?

    48 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  17. Notify sender's manager of DLP policy non-compliance

    DLP policy builder - Incident Reports
    It would be great if there was a check box to notify the offending user's manager (by AAD lookup) as opposed to explicitly defining who the recipient of the message is.

    This is highly requested by my EPG customers and is really helpful in end-user training as many Orgs make the users' line manager address these issues, not IT or compliance.

    47 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  18. Enable DLP rules for all OneDrives associated with users in a Group or DL

    I have a department that wants to apply DLP rules to all of their users OneDrive for Business sites. I want a way to enable this by putting in a DL, Group, or Dynamic Group, so that the DLP rules get applied to all users onedrive's that are in the Group. Right now, I have to manually add every URL by hand.

    47 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  19. Transport Rules to Modify Email Display Names for External Email

    We want to be able to modify how external email displays in Outlook as a further step to combat phishing\spear phishing. Right now we can append text like **external email** to the subject or body of the message. Our InfoSec teams want us to be able to have the header read:
    Smith, John (COP-DAY) when its from our internal senders (traditional display name)
    But when its from someone external to our organization read:
    john.smith@externaldomain.com with NO display name or potentially false\spam\impersonated display name next to it to fool a user that isnt paying attention. Right now with Outlook 2016 it…

    44 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  20. Please change the disclaimer option!

    If we add disclaimer and having email conversation means, disclaimer is adding multiple times in the bottom of the email. It should add bottom of each email.

    41 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 8 9
  • Don't see your idea?

Feedback and Knowledge Base