Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service, and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾ Check out the ideas others have suggested and vote on your favorites
◾ If you have a suggestion that’s not listed yet, submit your own (25 words or less, please)
◾ Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

  1. Allow Partners to access the Security and Compliance Center

    Please grant Partners the ability to access the Security and Compliance Center through the Partner Admin portal.

    168 votes
    5 comments
    • OneDrive Content search across Geos

      Currently, performing a content search of OneDrives across a multi-geo environment isn't possible; it only searches the default Geo, not satellite Geos. If you create a security compliance filter targeted at your satellite geo and put the eDiscovery person in the role, then they can search that satellite geo. Please update OneDrive content search to search across geos the same way that an Exchange mailbox search works, without requiring adding/removing them from security compliance filters. (This workaround was the result of working with Microsoft Premier support, so it's legit.)

      45 votes
      0 comments · eDiscovery
      • Add ability to deny EWS and MAPI clients using Basic Authentication, with Client Access Rules for Exchange Online

        Currently, MFA for Azure AD / O365 is useless regarding protection of mailboxes in Exchange Online, as EWS and MAPI clients can still connect to mailboxes using Basic Authentication, even with Conditional Access rules in place to require MFA, and there's no way of denying this server-side on EXO.

        The newly-released Client Access Rules feature promises this functionality in its documentation (see https://technet.microsoft.com/library/mt842508.aspx and https://technet.microsoft.com/en-us/library/dn913650(v=exchg.160).aspx), but unfortunately the functionality is crippled. You can only make rules in the following combinations (info from EXO Engineering team):

        OutlookWebApp: BasicAuthentication, AdfsAuthentication
        ExchangeAdminCenter: BasicAuthentication, AdfsAuthentication
        RemotePowerShell: BasicAuthentication, NonBasicAuthentication
        ExchangeActiveSync: BasicAuthentication, OAuthAuthentication, CertificateBasedAuthentication
        IMAP4/POP3/OfflineAddressBook/PowerShellWebServices/ExchangeWebServices/REST:…

        358 votes
        10 comments · Advanced Security Management

          Thanks for taking the time to provide this feedback. We’ve updated the TechNet documentation (https://technet.microsoft.com/library/mt842508(v=exchg.150).aspx) to clear up confusion around which authentication type and protocol combinations are supported in CARs. Expanding support for more combinations could prevent bad actors with valid credentials from accessing mailbox content, but it wouldn’t help with scenarios like password spray attacks or malicious lockout attempts because CARs are evaluated post-authentication. There’s work underway on a solution that covers a broader array of basic authentication scenarios – we’ll share more details as soon as possible. In the interim, this blogpost (https://cloudblogs.microsoft.com/enterprisemobility/2018/03/05/azure-ad-and-adfs-best-practices-defending-against-password-spray-attacks/) outlines the recommended approach for forcing multi-factor authentication when using AAD and ADFS.

        • audit logs will repeat the sendonbehalf log again, when you change the mailbox delegation

          When you edit the mailbox delegation, the audit log will show a record of sendonbehalf.

          20 votes
          0 comments · Auditing
          • secure score deep link to specific recommendations

            Overall, secure score is great, BUT in this situation of trying to tell another user about a particular recommendation is VERY difficult.

            Basically, you have to tell them to come to securescore.microsoft.com, drag their slider all the way to extreme, and then search for the title. Since it pops out from the side, it can't be linked to (that I could find).
            Updating the URL in the bar or providing a Link button like docs.microsoft.com does https://i.imgur.com/EwrP3F0.png would be SUPER useful.

            This is painful as I often direct my peers to secure score recommendations, but right now it's explaining the…

            24 votes
            0 comments
            • Real-time Logging within Auditing

              Audit logs in the Security & Compliance Center are not populated or refreshed in real time. Waiting for the audit logs to populate, which could take up to 24 hours, makes it ineffective with delayed data in order to track down issues/user activity/attacks/etc.

              14 votes
              0 comments · Reports
              • Alert Policy for Inbox Rule Creation/Deletion/Modification

                Currently O365 has an alert for forwarding/redirect rule within Security and Compliance Center. Considering that most phishing campaigns are crafted with someone setting up Inbox rules to move messages to another folder which are monitored, creating a man-in-the-middle attack, it would benefit tremendously to be alerted whenever a user creates/deletes/modifies an inbox rule to prevent attacks before they happen.

                14 votes
                0 comments · Spam & Phishing
                • DLP policy tips on O365 mobile apps

                  Whilst automated responses are OK, it would be much better if policy tips could form part of the native Office mobile apps.

                  11 votes
                  0 comments · DLP & Transport Rules
                  • Provide the ability to edit the default protection alert(s) in powershell

                    First off the help for new-protectionalert -examples should provide more information than "insert example commands for example 1"

                    Secondly, it does not appear to be possible to edit the default protectionalerts that exist on a new tenant in powershell.

                    Attempting to get and then set the recipient crashes the powershell as follows.

                    get-protectionalert | ? {$_.operation -eq 'MailRedirect'} | set-protectionalert -notifyuser noc@nocdomain.com
                    WARNING: An unexpected error has occurred and a Watson dump is being generated: There is no rule matching identity
                    'f00ed340-8f84-4eb4-83f3-0075a22b262e\Creation of forwarding/redirect rule'.
                    There is no rule matching identity 'f00ed340-8f84-4eb4-83f3-0075a22b262e\Creation of forwarding/redirect rule'.
                    + CategoryInfo : NotSpecified: (:)…

                    18 votes
                    2 comments · Advanced Security Management
                    • Allow auditing a meeting item by the starting-ending date (not only the made date)

                      You can possibly search the meeting item by the date when the item was made, executing the command below.

                      New-ComplianceSearch -Name "<Searching name>" -ExchangeLocation <UPN> -ContentMatchQuery {date=<yyyy-mm-dd>..<yyyy-mm-dd> AND kind=meetings}

                      The query "kind=meetings" inserted in ContentMatchQuery makes the search possible but this command (and query) can only search by the date when the meeting item was made.
                      I would like to search and audit by the date when the meeting starts and ends too.

                      7 votes
                      0 comments · Auditing
                      • Rename and change order / priority of DLP Policies and Rules

                        There needs to be a way to rename the new DLP Policies and their Rules - even if it is just via PowerShell. Orders and priorities need to be changeable as well. The fact that they have to be recreated is unmanageable when there are lots of policies or rules.

                        9 votes
                        0 comments · DLP & Transport Rules
                        • When MFA is down, add a message to the login screen

                          When the Multi Factor Authentication service is down, end-users have no idea based on the login process. The login screen appears to send an authentication code or prompt, but nothing is received.
                          If MFA is experiencing a known outage and Microsoft have indicated in the Service Health Dashboard that they’re investigating, please display an outage message in the Modern Authentication login screen.

                          6 votes
                          0 comments
                          • Office 365 labels - allow deletion of documents with labels

                            Please allow users to delete documents with Office 365 labels and keep such deleted documents in a secure location for the duration of the retention period as described on the following label tooltip in Office 365: "We'll make sure the labeled content stays put where it currently lives. For example, email messages will stay in mailboxes and docs will stay in SharePoint or OneDrive libraries. If users modify or delete the content, we'll keep a copy of it in a secure location so you can get to it if you need to." At the moment SharePoint documents with labels can't…

                            28 votes
                            1 comment
                            • How about you use SPF records to verify the validity of a mail server like the rest of the industry?

                              We moved our client to a new internet connection and changed their MCX and SPF records accordingly (both records had a TTL of 60 seconds). 3 hours later, they told us O365 was blocking them. Check of industry blacklists and SPF Validity tests indicated no one else had a problem receiving their mail, it was just O365 being *special*.

                              1 vote
                              1 comment · Spam & Phishing
                                • Safe attachment scan speed must be improved. Productivity took a huge hit. 5-10 minutes scan are not acceptable with high profile users

                                  We took a hit when we enabled ATP with safe attachments via dynamic delivery. We got many complaints across the board about the time it takes (5-10 minutes, 15-30 minutes, 2 hours, 4 hours, sometimes attachments never made it) for the attachments to arrive to the sent emails. We need ATP to work more efficiently and scan time must drop down to a tolerable level like 60 seconds or less (or at least cut the scan time in half).

                                  6 votes
                                  0 comments · Advanced Security Management
                                  • Enable Audit Log Search facility to capture mobile device serial number or device specific information, so we can track exact device

                                    Enable Audit Log Search facility to capture mobile device serial number or device specific information, so we can track exact device that is carrying out the actions in 365.
                                    Currently, the audit log is full of information, none of which is device specific.

                                    4 votes
                                    0 comments · Auditing
                                    • Admin who has an Exchange Plan 1 should also have a full detail Information for Audit logs results

                                      Global Admin who has an Exchange Plan 1 should also have a full detail Information for Audit logs.

                                      6 votes
                                      0 comments · Auditing
                                        • delete content from content search through gui not using New-ComplianceSearchAction

                                          Currently users with the eDiscovery role can run search for content and download that content. Using the New-ComplianceSearchAction -purge -softdelete you can delete this content (which we use for deleting spam or malware emails out of mailboxes). We do not want our security operations team to use PowerShell to complete these deletes so we have to write a GUI to provide this functionality. Please enable the ability to complete deletes within the SCC itself.

                                          46 votes
                                          3 comments · eDiscovery