Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Split O365 labels for Protection from O365 labels for Retention

    Do not integrate Protection settings and Retention settings please.

    Retention policies within my organisation are related to data types (or content types), not related to protection. If you use only SharePoint then retention policies can be implemented using SharePoint content types, however when looking wider then SPOL, you can implement Retention policies using O365 labels. Using the O365 label integration with SPOL library settings was a good start.
    However integrate O365 labels and AIP labels (as I saw at a recent Ignite session) is not a good idea. If you are going to combine Protection and Retention in ONE label…

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add retention tags for Notes and Calendar

    Please add the Notes and Calendar from the Exchange Admin Center to new Compliance / Security section

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  3. compliance manager

    GDPR - "Statement of Applicability"

    I'd like to see a statement similar to what we are familiar with in ISO27K - addressing which controls are excluded from Annex A.

    With regards to GDPR I'd rather go for which Articles are not covered and why. Otherwise there will be endless discussions for completeness.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support 'guest users' as collaborators on Cases.

    Support 'guest users' as collaborators on Cases.

    It seems like a defect that guest users are not currently supported as collaborators.

    In a support case I was told: 'As we have discussed it is by design that we can not assign a guest user as e-discovery manager'.

    If this is the case, then the design is flawed: While it is possible to assign a Guest AD User as a collaborator on a Case. It then does not work - they are not granted access. They can login to Security and Compliance center, but unable to view assigned Case.

    Please fix…

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  5. Compliance manger needs localisation -- german

    Compliance manger needs localisation -- german and referal to german DSGVO terms

    legally you cannot expect from german non certified lawyers to "translate" e.g. must into have to or shall or maybe etc.
    So I would expect Microsoft to do this and match it against local DSGVO laws incl. German regulations

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  6. To have a separate domain whitelist for Sharepoint and Onedrive

    There are situations where Admins will want to restrict Onedrive sharing to within a set of domains while selective sites in Sharepoint to have the ability to share out to more.

    This is current not possible and a compromise has to be made for this compliance requirement.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  7. Enabling MDM to work with Pattern unlock mode on mobile devices.

    Enabling MDM to work with Pattern unlock mode on mobile devices as it does with fingerprint. not sure if it works with facial recognition but that is a thought as well. Improve MDM's security with today's technology.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow for the creation of a custom sensitity type with Finger Printing in the security and compliance centre.

    Allow for the easy creation of a custom sensitity type with Finger Printing (like in Exchange Online) in the security and compliance centre. When DLP engines are merged, allow AIP to use "finger printed" sensitivity types as a condition for recommend or auto classification

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  9. Show expiry date on documents in OneDrive and all ShrePoint Online Sites from the global retension labels

    Having set up a retention label to delete all documents in users OneDrive's and SharePoint Sites if not modified in last 7 years the users do not get to see a expiration date against all documents.

    The expiry notice does work with Email Retention, it would be good if the same was seen on documents

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  10. Limited Search/Only Display objects able to search fo

    I have setup a rolegroup in compliance this group is only able to search mailboxes that have a custom attribute set (compliance filter) we would like 2 things to occur
    1. the users in the rolegroup should only see in the mailbox list the mailboxes they have rights to search.
    2. Once they create a search they should only be able to manage their results and no other ones currently they can see and modify other users searches

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  11. Reduce the amount of time needed to view the activity list in an alert

    It takes at least an hour before I can see the data in an activity list of an alert.
    In a redirect/forward creation rule alert, the details in the activity list are very important when you need to ***** the potential security risk. And you want to be able to do it immediately and not to wait an hour for it.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  12. Need that Cortana connect to O365 work, i device have a securtiy baseline from Intune. See REG:118022317698163

    See REG:118022317698163: Cortana did not work, if device have a Security baseline and Compliance check from Intune

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. retention permanently delete

    Allow deletion policy to permanently delete files instead of going to recycle bin. The old Compliance Center in SharePoint Online had this option but it is not in the O365 version. This is a requirement for legal compliance.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  14. Provide the ability to call a Microsoft Flow in a Retention Label in Security and Compliance Center similar to an IRM policy in a library.

    When configuring a retention label in security and compliance center a Microsoft Flow should be an option to execute when executed. Similar functionality exists in Information Rights Management in a document library that can call a SharePoint designer workflow. Flow should be integrated into SCC to accommodate custom actions.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  15. Additional compliance standards

    Additional compliance controls could be added (ie, ISO20000, CMMI, etc) that can be self managed but could be a hub for all compliance activities. For those of us having to comply with multiple standards it's difficult to split assessments and management across multiple tools.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable content logging for Teams

    We are a healthcare shop, and as such need to comply with HIPAA regulations as well as industry specific regulations, such as HiTrust. As part of that, we have to enforce centralized logging and content management for any IM/collaboration tools for auditing and DLP issues.

    I have been told that the current feature set of the product does not support this because those conversations are deemed confidential/personal. However, being that we are a healthcare shop with high security concerns, company services have no reasonable expectation of privacy.

    So I would like this to be added as a feature, as well…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  17. provide a way to check retention tag status from user's mailbox via admin portal and via power shell for retention reporting and monitoring

    When corporate user mailboxes are assigned retention policies, administrator should have ways to know if user's folder have personal tag or not, to understand how user protect their data.And a power shell command for checking retention tag on specific folder would be necessary.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  18. file tipe

    En la retención de OneDrive poder buscar por tipo de archivo no solo por palabras claves

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  19. No SharePoint UI notification when attempting to delete a site under a retention policy

    When attempting to delete a SharePoint site that is currently under a Retention Policy to keep it. There is no notification in the UI that informs the user that the site cannot be deleted, or that its part of a retention policy. (Modern Experience) Attempts to delete a site via PowerShell result in an error message, but the SP UI moves on as though the site were deleted.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  20. Include definitions for Eco Manager's Certification Scope columns

    Include definitions that describe what each column refers to, e.g., what are Certification Dependencies and how do they relate to Office365 and CRM.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base