Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow DLP rule exception for encrypted outbounds

    DLP rules do not allow an exception of the predicate "MessageTypeMatches" with the notify sender action. Doing so results in the error:
    One of the conditions you specified can't be used for rules where you want to notify the sender. Error details: The NotifySender action isn't compatible with 'MessageTypeMatches' predicate.
    I would like to trigger a rule on outbound matches unless the message is encrypted in order to enforce our internal policy compliance.

    257 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
    • DLP needs to be able to read OCR

      At the present time DLP is not able to read OCR documents, namely documents scanned to PDF. This is a GIANT, GAPING hole in terms of security. I have clients who have 100's of thousands of documents that contain sensitive information saved in OneDrive but no DLP policies can be applied to these documents, since DLP is not OCR aware. Please correct ASAP! Thanks!

      181 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        3 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
      • Ability to add company logo images globally to all user signatures

        The ability to add a company logo or image to a signature as an admin globally for all users would be nice. Currently the suggested solution to append a disclaimer isn't ideal as it always posts the image to the very bottom of the email, not the signature. This doesn't work for a back and forth conversation thread since it starts stacking the image at the bottom.

        181 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          6 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
        • Enable Transport Rule action for Distribution Group

          In Exchange Online or EOP, We cannot create a transport rule with the action set to Distribution Group.

          It errors as follows :

          The transport rule can't be created because group@domain.com, the recipient to be added by a rule action, is a distribution group. Transport rules can't add distribution groups to messages. To resolve this error, remove this recipient and specify a different one.

          Since there are workarounds to resolve, Can this be fixed directly without any error.

          154 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            10 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
          • Add centralized company signature with mail flow rule (in a new/reply/forward email)

            I think is a good idea to add company email signature at the end of the email with the mail flow rule.
            At the moment this thing is possible but when I reply or I forward an email, my signature appear at the end of all email not at the end of my message,

            117 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              6 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
            • Allow labels to be used in DLP policies

              Recently classification labels were introduced in the Security & Compliance Center to help with retention of certain types of data classifications.

              We also have Azure Information Protection sensitivity labels (personal, public, internal, confidential, secret).

              DLP sensitive information types are good, but it would be even better if we could simply label groups of data as sensitive and apply DLP vs. trying to determine they are sensitive via the DLP sensitive information types. This would remove the complexity of trying to create custom sensitive information types when the out of the box types don't meet your needs.

              100 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                6 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
              • DLP workflow

                DLP workflow - currently there is effectively no DLP workflow. You can block emails from leaving by implementing a DLP policy, but you cannot create a workflow where items violating DLP are routed to a DLP admin team who review it, and can then take further action (review, release, escalate etc). This is pretty bread and butter stuff, and we have had to abandon using 365 DLP (we are using Mailguard for this instead) because it simply can't do what we and our customers need. DLP is not a simple "yes / no" - we've received hundreds of false positives…

                76 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  7 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                • add option to create a transport rule to send an automatic reply/response to a sender emailing a recipient in the organisation.

                  need an option to send an automatic reply/response to any sender emailing a specific recipient in the organisation via a transport rule. the option is available in Exchange 2013 so should be possible in Office 365. a rule from the mailbox is not suitable as this will only send the response once to each sender. the mailbox is not monitored so customers should be sent an acknowledgement email to confirm that their email has been received.

                  73 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    2 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                  • Policy Tip Support for Rules with Sender/Domain Filtering

                    Currently, Policy Tip actions are not supported when creating a DLP rule that has sender or domain filtering criteria.

                    The error message states "The NotifySender action isn't compatible with 'RecipientDomainIs' predicate."

                    We'd like to see this action supported so we can configure our rules based on our business requirements.

                    59 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      4 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                    • Introduce customisation to built in DLP rules (or allow exceptions to existing rules)

                      We use DLP on email to assist in our PCI compliance. As an online payments provider, we often provide dummy credit card information to help our customers set up their APIs (typically 4444 3333 2222 1111). Unfortunately, despite this *not* being a valid card number, it triggers Microsoft's built in "Credit Card" definition resulting in 100s of false positives per week. We need to have this hard coded as an exception to the "Credit Card" definition, or, better yet, allow definitions to be customised and/or excluded from via. the Admin portal.

                      56 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        3 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                      • dlp report

                        We need to improve reporting for violations on DLP on exchange. We need to extract a detailed report containing information related to the source of the violation. For example, if the violation comes from exchange email we need source email and destination.

                        50 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          3 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                        • Enable language support for Policy Tips in DLP/Security & Compliance

                          Need the possibility to have Policy Tips for DLP rules in multiple languages when created in Office 365 Security & Compliance (as you can do in Exchange Online Admin). The policy tip should match the language you have in Office. Now it's mixed with the static text in the Policy Tip and the custom text you have entered in the rule

                          47 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            5 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                          • Enable DLP rules for all OneDrives associated with users in a Group or DL

                            I have a department that wants to apply DLP rules to all of their users OneDrive for Business sites. I want a way to enable this by putting in a DL, Group, or Dynamic Group, so that the DLP rules get applied to all users onedrive's that are in the Group. Right now, I have to manually add every URL by hand.

                            47 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                            • Exclude email accounts from DLP policies

                              We would like to setup a DLP policy to prevent emails being sent containing NI/SSN information, with the option for users to override. However, we use Zendesk for client tickets which, when picked up in the policy, the override is seen by Zendesk as a auto-response and suspends the ticket.

                              We tried to exclude email accounts related to Zendesk but it appears the options were only visible because we were setup for First Release content and the ability to exclude emails should not be possible.

                              Please could this be added so that specific email accounts can be excluded from the…

                              45 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                4 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                              • Create DLP Policy Based on Sensitivity Label

                                Create a DLP Policy where you can add the Sensitive Label on it because currently, only Sensitive info type and Retention Label can be added

                                39 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                                • Provide watermark capability for sharepoint online libraries

                                  SharePoint online and One drive for business is positioned to be used for collaboration with 3rd parties . Features like RMS provide the security for collaboration. In addition, I would like to see if Microsoft can provide the ability to watermark documents ( word, ppt, exchange attachments, excel etc) to maintain the integrity of documents that are shared outside the organization. In particular, if a library or folder is slated for sharing , I would like to have the option to enforce preselected watermarks ( for example :user id, corporate, brand or some id) across all pages of the document…

                                  36 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Provide better guidance / documentation - or better yet - provide a tool to assist in building DLP rules and sensitive data types

                                    I think that creating custom DLP rules - and especially creating custom sensitive data types - is too much of a mystery for Microsoft's platform(s). It would be so useful if there were:
                                    1. Better documentation for DLP rule & data type creation
                                    2. A tool that admins could use to construct custom DLP rules and custom sensitive data types.

                                    Making it easy to create these so we can implement in Office365, On-Prem Exchange and SharePoint infrastructures, tying it closer together with data classifications, etc.

                                    35 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      4 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Allow for a reply transport rule

                                      Please add in the option to reply in mail rules.

                                      33 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        3 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Add DLP Policy for Panama's Cedula number (SSN equivalent)

                                        Please add a predefined DLP rule for Panama's Cedula number (SSN equivalent)

                                        30 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Transport Rules to Modify Email Display Names for External Email

                                          We want to be able to modify how external email displays in Outlook as a further step to combat phishing\spear phishing. Right now we can append text like **external email** to the subject or body of the message. Our InfoSec teams want us to be able to have the header read:
                                          Smith, John (COP-DAY) when its from our internal senders (traditional display name)
                                          But when its from someone external to our organization read:
                                          john.smith@externaldomain.com with NO display name or potentially false\spam\impersonated display name next to it to fool a user that isnt paying attention. Right now with Outlook 2016 it…

                                          27 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            4 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 6 7 8
                                          • Don't see your idea?

                                          Feedback and Knowledge Base