Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Improve the flexibility of sensitive labels content markings

    We would like to have more formatting option when adding a header text like a left-aligned 10-inch margin.

    146 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow attack simulator to record results on non Azure joined devices

    We are trying to run the attack simulator in a hybrid environment but noticed it only records the results of users who opened an attachment if their device is joined to Azure. We currently have our iPhones joined so that test works but since our laptops/desktops are not joined to Azure we are unable to see the results. This is also an issue when using OWA.

    151 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  3. App Configuration to auto enable Defender ATP for Android

    After you deploy Defender ATP to users as a 'required' app and the app installs on a user's device, Defender ATP does not enable until after the user manually opens the app and clicks on the 'begin' button.

    The problem is that if you also have a compliance policy set for the "device threat level" to under a level, the the compliance policy can not be met for the device. This results in the device becoming non-compliant and users unable to access corporate data until they manually open the app and click begin.

    We would like an app configuration policy…

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Increase or release the limit for the policy with specific inclusions or exclusions

    I would request you to increase or release the limit on the number of mailboxes for the retention policy with specific inclusions or exclusions. When we create a policy with specific inclusions or exclusions for the retention policy in SCC, we can apply the policy up to 1,000 mailboxes. However, this limit would be a big burden for enterprises in terms of the tenant management as they have a huge number of users.
    Referenced the article below, https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies?view=o365-worldwide#a-policy-with-specific-inclusions-or-exclusions

    184 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Have a trusted user/domain setting that requires DMARC

    Currently, if I add a domain or account to the trusted senders list in the spam or phishing (for impersonation) policies, that address or domain can be spoofed. I'd like to see a setting that requires those addresses or domains to also pass DMARC (or SPF or DKIM if they may not pass DMARC or if DMARC isn't enabled) to be trusted. This would keep them safer from misuse.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Get-MailDetailATPReport - Increase result limit

    The result limit of 10,000 is way to low for a large organization, this needs to be increased to a realistic limit of 1,000,000

    https://docs.microsoft.com/en-us/powershell/module/exchange/get-maildetailatpreport?view=exchange-ps

    48 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  7. Please add more Phishing Templates for Attack Simulator

    Please add additional Phishing Templates, or create a GitHub repository for the community to collaborate on phishing templates. Other solutions have rich libraries so if Microsoft wants to compete with other phishing simulators, it really needs more choices.

    94 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow duration of Retention label to be changed when the retention is based on when the label is applied

    When a retention label duration is based on the date the label is applied, the retention period may not be changed. It can be changed if the Created or last modified is chosen. This is impacting our ability to use the retention policies as they need to be active from the date of application with the capability to change duration in the future.

    106 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  9. Simulate URL to ensure it’s correctly blocked

    I would like you to implement a feature to simulate the ATP safelinked URL to ensure that if it’s correctly blocked.

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Advanced eDiscovery Locations Limited to 42 per custodian

    Currently, the limit to the number of locations that can be added for a single custodian to an Advanced eDiscovery case is 42, per MS Support. Creating cases is already very cumbersome and having to create more than 1 case because a custodian has more than 42 locations in all of Office 365 is an unreasonable ask. Please remove this limit, or at least allow a much higher number of locations to be added per custodian.

    85 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  11. DLP Template for POPI Act - South Africa

    Develop a DLP Template for compliance with POPIA (Protection Of Personal Information Act)

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  12. Need to scroll down completely to get older searches in Content Search

    In scenario where we have more than 500 searches in Content Search, it will only show you last 500 searches. If you need older searches then we have to scroll it down completely then only the older searches would get loaded. Sorting with Last-run also doesn't work. Microsoft to fix this problem.

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  13. be able to empty Recoverable Items folders all items at once

    https://docs.microsoft.com/en-us/microsoft-365/compliance/delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold?view=o365-worldwide#step-5-delete-items-in-the-recoverable-items-folder

    this step 5 needs to change from maximum of 10 items when you have 400,000 items is not a valid solution

    A maximum of 10 items per mailbox are deleted when you run the previous command. That means you may have to run the New-ComplianceSearchAction -Purge command multiple times to delete all the items that you want to delete in the Recoverable Items folder. To delete additional items, you first have to remove the previous compliance search purge action. You do this by running the Remove-ComplianceSearchAction cmdlet. For example, to delete the purge action that was run in the…

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  14. Support bundling large numbers of keywords as part of and/or conditions inside sensitive info types

    Sensitive Info types used by CC, should offer more flexibility so that we can bundle all phrases associated with a certain behavior in one SI type. For example a collusion SI type might have several hundred combinations like the phrase "Keep this" with supporting phrase "between us" OR "Won't" with supporting phrase "tell anyone", etc. etc. etc. Currently SI types only let you use one primary phrase or set of phrases in combination with one or more supporting phrases. The alternative for us is to create thousands of SI types and you can only add 20 per CC policy.

    42 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Communication Compliance  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow for roles with least privileged access

    The concept of least privileged access is not be followed in the Office 365 Security and Compliance Center. We want to enable our support staff to remove restricted users when it has been confirmed that the account has not been compromised. In order to do this we must give them the Security Administrator Role which provided greater access that is not necessary or needed. Please provide the ability to create roles based on an organizations needs so we can keep with the best practice of least privileged access.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. Push DLPRuleMatch INFO when Policy Tip is shown (outlook online)

    When a user gets a policy tip that their email contains sensitive data, they aren't allowed to send the email until they remove the data.
    In this scenario the management api doesnt get notified that this event ever occured and can't tell that a user was blocked from working.

    Would like the send button press to be detected and to send a rulematch event to the management api.

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  17. Include Reported Phishes in Microsoft Attack Simulator's Data Report

    In the Microsoft Attack Simulator it shows who opened the email and was compromised, and who did not. But there are no records of who used the microsoft 'report phish' tool to report the phishing attempt. I would like to have those metrics to know how many users took the correct steps once they identified the email as a phish, rather than who just deleted the email.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  18. Automatically remove deleted auto-applied labels from documents

    Auto-applied retention label, and the policy, was deleted, but the label is not going away for the records that were auto-tagged by this policy.

    For example, we created a new label, assigned a policy that would auto-apply the label based on keywords in the documents of the library. Then we deleted the policy and the label, but the document's retention label didn't disappear. We have waited 7+ days just to be safe, but the label on the record is still there. Is this the intended design? (We opened a ticket with Microsoft and they've confirmed this is the case -…

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. Enhanced Email Phishing Warning Banner Capability

    Currently, you can create a transport rule in Exchange Online that appends a banner to emails. This is commonly used to notify recipients that the email is from an external sender, to warn them it may be a phishing attack if the person is spoofing an internal sender. Tool tips can also be used, but these are not as customizable and don't show in all clients. Please develop a native capability that allows further customizing and a more intelligence warning banner to be inserted into emails. For example, some 3rd party services have the ability to scan a mailbox to…

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Ability to search inbox for internet message id

    In the Security & Compliance Center it notifies you of emails that were accessed by the Internet Message ID. To find the actual message and reproduce it you use Message Trace. This only works if the message was received in the past 90 days. We need the ability to search an inbox for an Internet Message ID for messages that were received long before the 90 days.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 120 121
  • Don't see your idea?

Feedback and Knowledge Base