Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable the Alert Policy to capture the user logon activity

    Audit Log Search -> New Alert Policy
    The option "User Signed in mailbox" doesn't work.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  2. O365 logs shows multiple login entries within a minute. Would could be the reason for such a Behavior

    O365 logs shows multiple login entries within a minute. Would could be the reason for such a Behavior

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  3. Microsoft 365 NIST 800-171 Assessment in Compliance Manager

    Can you add the NIST 800-171 assessment in Compliance Manager for the product Microsoft 365?

    Right now the product list only includes: Azure, Azure Government, Dynamics, Office 365 and Professional Services. No M365 :(

    Thanks!

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  4. Provide Informational Popup indicating that it's not possible to upload a new APN Certificate when one is already installed.

    Please provide Informational Popup indicating that it's not possible to upload a new APN Certificate when one is already installed. As is, nothing happens when clicking the upload button after browsing and selecting the APN Certificate which led me to believe there was an issue with the "Install Apple Push Notification Certificate" wizard.

    Rather than reinstalling the APN, all I had to do was Renew the currently installed APN on the Apple Push Certificates Portal.

    Had there been a pop-up indicating that an APN already exists, I would've save myself and MS Support team sometime.

    Thanks!

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  5. How about verbal assistance

    I once again request the help that comes from tech guru gums flapping. Questions answered in an personal way. The articles are informative to an extent, but yrs. is not an option for anymore unwanted edu. Lets talk... 8323408771 8325694539
    - Kristen Cole
    17210 Heritage bay 77598

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  6. unusual external file activity

    Add the ability to whitelist certain SharePoint sites from the unusual external file activity alert. We have several sites that are designed to be shared externally, have no sensitive data, and that we do not need to be alerted about. We don't have any way of filtering those out of the alerts though, so we are regularly getting useless notifications and have a hard time filtering through to find the ones we actually do care about.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add More MS Products to the Compliance Manager

    Hello,

    I can see that it took a lto of work, but if you could assign even one person for all major MS product lines to address adding these products to the Compliance Manager, like you have for Office 365, in particular VTST and TFS, that would be great. I know that these products aren't necessarily associated with personal data; however depending on what you're developing and also in thinking a privacy by design, this is where it happens in the MS world. Maybe SSMS too.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  8. Customer managed granularity for CSPs in compliance manager for Office 365

    Allow the ability to split the Customer field into CSP and Customer(s). Also associated permissions to see what you are assigned via groups. Shared responsibility is not always just two parties.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  9. Automatic deletion of shared document links for deleted documents

    Hello,

    If a user deletes a document, the link for other users doesn't disapear.
    Would it be possible to implement a batch that analyzes the deletion of documents and automatically impacts the shared information for other users of the organisation?

    I tried with various situation, placing the document in the two different bin and it is necessary to delete the share configuration before the document.
    It is very impacting, if you consider that most of user don't think about deleting the share option before deleting a document, and as soon as the document is no more accessible, you have a…

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  10. Users not getting prior intimation of Password Expiration notification

    We have done setting in office 365 admin - security setting for password expiration as 60 days expiration period and 14 days advance notWe have done setting in office 365 admin - security setting for password expiration as 60 days expiration period and 14 days advance notification to user on password expiration. User not getting such notification after expiration period and IT dept. has to reset each and every user password from admin ification to user on password expiration. User not getting such notification after expiration period and IT dept. has to reset each and every user password from admin…

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  11. Include Center for Internet Security guidelines

    Create Azure Security and Compliance Blueprint based on CIS recommendations for MS Azure platform.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  12. Enable by default alert Activity from infrequent country

    These anomaly detection policies are only available for E5 users or MS CAS.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. Need to add DFARs to this.

    Please add DFARs compliance score to this tool.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  14. We currently have in-place holds for mailboxes that expire after 1 year.

    We currently have mailbox in-place holds that expire after 1 year. This allows us to meet compliance policy without having to go back and manually delete holds after the required time. Can you do something like that in eDiscovery?

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add to the FAQ a description of the 'Manage Documents' feature

    If a document is uploaded for a control, is it accessible in the other Assessments for related controls? If a document is uploaded, can it be referenced by several controls? or does one upload the document several times?

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  16. Illegal data collection Office 365 MAC

    If you install Office 365 for MAC you get the question if you want to share full diagnostic data or basic diagnostic data, but you can’t select no data. According to the EU law this is not allowed (ref. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679).

    Of course, you are collecting anonymized data (at least this is what you say), but technically you need an identifier (unique ID) for receiving data. This UID represents the customer and therefore this is personal data. If you really use no UID, there are technical solutions to analyze big data and find a specific information.

    You are allowed to…

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow Office365 labels to reference external data for retention trigger, e.g. BCS

    In SharePoint we can reference an external data source for a retention trigger, using BCS (Business Connectivity Services). This would allow us to trigger a retention event based on some external event such as the date an employee leaves the company. Apparently this is not possible now with Office365 policies/labels, but I think it would be a very useful feature.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  18. Dynamics 365 SOC I type II report ran every 6 months.

    For our SOX auditing, we are in need of a Dynamics 365 SOC I Type II report ran every 6 months instead of once a year. Because of our fiscal year end timing and the timing of the current yearly report the external auditors are unable to find comfort int he amount of months currently coverer

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  19. Alert whenever a user attempts to send an attachment to an external recipient

    With the advent of the EU GDPR we feel it would be useful to be able to alert users if they have included an attachment on an e-mail to an external recipient to ensure that the content of the attachment is appropriate for the recipient i.e. no personal information.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  20. "Envelope-From" Option should be add in Content search.

    "Envelope-From" Option should be add in Content search. So Admin can search through the Envelope From address. When you search through from address the content search is not working for that specific spam emails.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base