Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  1. Attack Simulator: Phishing Login server URL detected by common browsers (Chrome, Internet Explorer, Edge) as "Deceptive" or "Unsafe"

    When clicking on the link produced by the Spear Phishing attack simulator in https://protection.office.com/attacksimulator (Phishing Login server URL), common browsers like Chrome, Edge, or Internet Explorer detect the site as "Deceptive" or "Unsafe". This results in a failed simulation, as no user will attempt to click on "visit this unsafe site". Even if the users click on the link, which is recorded, the test will always have a 0% Success Rate.

    Is there any way that Microsoft can coordinate with the common browsers to "whitelist" all their Phishing Login server URLs?

    105 votes
    2 comments
  2. EMS Suite Licensing should be free for Government Tenants

    Government IT shops are an entirely different beast than your typical commercial customer.

    An IT shop can range in size from 2-3 staff for a small city or 100s or 1,000s for a large city/county/state. Regardless of size in terms of staff or budget, ALL of us have an identical regulatory responsibility.

    Protecting critical infrastructure and services our citizens depend on isn't an optional activity. Why are the necessary tools contained in the EMS licensing suites not made available to Government entities free of charge? These are critical tools which must be utilized in order to best protect the…

    120 votes
    0 comments  ·  Advanced Security Management
  3. Advanced Threat Protection Whitelist 2019

    ATP needs a way to whitelist inbound email (IP or domain) from being quarantined as malware. Back in 2016 this issue was resolved by adding Exchange mail flow rules to add headers. However, this method no longer works, and Microsoft support (ticket 12611412) confirms that ATP filters before mail rules are applied, and there is no way to whitelist inbound IPs to bypass ATP malware filtering. The only option in the settings is based on recipient. In my case, I want to whitelist to allow a Security Awareness Training provider to send test emails to our users. ATP is incorrectly…

    182 votes
    17 comments  ·  Malware
  4. Stop using the Spamhaus PBL on mail submitted by *authenticated* users

    I understand this is a duplicate of the below ticket, but MS is being particularly short sighted with the problems this causes:
    https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/20382373-stop-using-the-spamhaus-pbl-and-xbl-blocklists-on

    As per the Spamhaus PBL description:
    THE PBL IS NOT A BLACKLIST. You are not listed for spamming or for anything you have done. The PBL is simply a list of all of the world's dynamic IP space, i.e: IP ranges normally assigned by ISPs to broadband customers routers/modems (DSL, DHCP, PPP, cable, dialup). It is perfectly normal for these IP addresses to be listed on the PBL. In fact all dynamic IP addresses in the world should…

    66 votes
    0 comments  ·  Spam & Phishing
  5. Retention Policy - Office 365 Groups - Separate Deletion settings for Exchange & SharePoint workload

    Retention Policies for Office 365 Groups currently treat all resources the same (i.e. Exchange and SharePoint). We need the ability to configure email items to delete after X years, but not delete documents stored on SharePoint.

    79 votes
    1 comment  ·  eDiscovery
  6. Autosplit large e-discovery jobs into smaller jobs to make the search more efficient

    Large e-discovery jobs keep failing due to wide scope. Could the tool autosplit the search into smaller jobs (smaller scope) and then recompile the results into one report?

    45 votes
    0 comments  ·  eDiscovery
  7. Allow Partners to access the Security and Compliance Center

    Please grant Partners the ability to access the Security and Compliance Center through the Partner Admin portal.

    570 votes
    27 comments
  8. Report all attachments scanned by Advanced Threat Protection Safe Attachments

    Currently reporting for Safe Attachments only shows malicious files. This makes it difficult to verify that Safe Attachment scanning is working as intended. It would be beneficial to be able to verify in a report detail regarding all attachments that have been scanned and marked as safe.

    This idea stems from a situation where Advanced Threat Protection was not scanning attachments for a tenant despite being configured to do so. Without checking through message traces or verifying with end users it was not possible to verify if it was working or not. The issue was further complicated as the reporting…

    21 votes
    0 comments  ·  Reports
  9. Enable MFA and Ensure all users registered for MFA actions should exclude shared mailboxes and resource mailboxes in Secure Score

    Secure score for shared/resource mailboxes and any similar object types should be excluded by default.

    24 votes
    0 comments  ·  Advanced Security Management
  10. Restrict permissions of app-only based Graph API applications to individual SharePoint Online resources

    Large organizations start leveraging the Graph API to provide integrations between their third-party applications and Office 365. When developing daemon-based applications that usually require app-only permissions, we are facing a compliance and permission issue for such types of applications.

    Take SharePoint Online as an example: if a business unit wants to develop a daemon tool between their system and a subset of SharePoint Online sites, this cannot be accomplished without granting them access to all SharePoint assets of the organization.
    Let us assume I am going to build a daemon tool that is allowed to write to…

    31 votes
    1 comment
  11. More Microsoft Teams activities need to be obtained in the audit log

    I would like you to add the following activities to be obtained for the Microsoft Teams audit log.
    ・ Outbound chats (time/recipient)
    ・ Inbound chats (time/sender)
    ・ Teams unique actions (emoji/GIF/Stickers/Memes)
    ・ Teams meeting creation

    19 votes
    0 comments  ·  Auditing
  12. Option to change the default organizational mailbox audit settings

    Since January 2019 you have changed the way mailbox auditing works: by default you turned auditing on for mailboxes. See https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing.
    It would be awesome if we could adjust the default audited actions on an organizational level.

    I'm talking about a cmdlet (and switches) like:
    Set-OrganizationConfig -AuditAdmin Action, Action, Action -AuditOwner Action, Action -AuditDelegate Action, Action

    23 votes
    1 comment  ·  Auditing
  13. Fix enabling the Audit Log via Audit log search

    Fix enabling the Audit Log via Audit log search so that the PowerShell cmdlet "Enable-OrganizationCustomization" does not need to be run manually (it used to happen automatically) and a two-hour wait is not needed after that before the Audit log can be turned on (it used to happen in the same step and take no more than 5-10 minutes total).

    The error is below and doesn't get much more verbose and unfriendly:

    Request: /api/adminauditlogconfig/EnableUnifiedAuditLogIngestion Status code: 500 Exception message: {"Message":"The command you tried to run isn\u0027t currently allowed in your organization. To run this command, you first need to run the command: Enable-OrganizationCustomization.","DiagnosticContext":"{Version:16.00.2956.005,Environment:NCUPROD,DeploymentId:18d19f7d03b848d7a3f3fb735faaefc6,InstanceId:WebRole_IN_2,SID:55fd38f7-f62b-427c-91d7-12d7a11ba643,CID:ad8a7cc4-e1fa-4914-8503-ea4b0f76ba2c}","Time":"2019-03-25T19:02:33.2250755Z","ExceptionType":"Microsoft.Exchange.Configuration.Tasks.InvalidOperationInDehydratedContextException","ExceptionData":{"Source":"AdminAuditLogConfig"}}…

    42 votes
    0 comments  ·  Auditing
  14. Know What Inbox Rule is Applied to Sent/Received Mail

    We will know what folder the message was routed to. But we aren't able to know what specific inbox rule is applied to that message.

    Knowing what inbox rule is applied to the message would help others with a handful of inbox rules implemented.

    17 votes
    3 comments  ·  Message Trace
  15. Increase the ATP Anti-Phishing policy trusted domains limit

    ATP Anti-Phishing policy trusted domains has a limit: you can only add up to 20 trusted domains. Once you add more domains, the field starts to turn red, and when you click Save, it shows the error message "Please complete all required fields". ATP should have a larger limit or a way to extend the limit for the trusted domains.

    36 votes
    0 comments  ·  Advanced Security Management
  16. Enforce Microsoft Authenticator App Lock

    We would like to enforce the 'app lock' setting on the Microsoft Authenticator app to force users to either enter their device passcode or use biometric authentication before opening the app.

    This could be through an Intune app config or a built-in setting.

    Currently if an unlocked device was compromised, the attacker would be able to circumvent account MFA security.

    12 votes
    1 comment  ·  Advanced Security Management
  17. Authenticated Received Chain (ARC)

    When is Office 365 going to implement Authenticated Received Chain (ARC)?
    Mail forwarding and send-on-behalf with different primary SMTP addresses are causing DMARC to fail. Office 365 is implementing SRS (Sender Rewriting Scheme) but this is not going to resolve this.
    Note SRS rewriting does not fix the issue of DMARC passing for forwarded messages. Although an SPF check will now pass by using a rewritten P1 From address, DMARC also requires an alignment check for the message to pass. For forwarded messages, DKIM always fails because the signed DKIM domain does not match the From header domain. If…

    42 votes
    3 comments  ·  Spam & Phishing
  18. Alert Policy filters by domain name

    Currently Alert policies only allow the inclusion or exclusion of IP addresses. We want to create an Alert policy that checks for email being forwarded or redirected outside our Tenant. Adding the Exchange, O365 SMTP or Outlook Protection will not trigger any alerts of redirections or forwarding to other Tenants. Being able to use domain names will expand the usability of the filters.

    26 votes
    1 comment  ·  Advanced Security Management
  19. Advanced Threat Protection (ATP) attachment scan delay too long

    When the Advanced Threat Protection (ATP) safe attachment policy is set to dynamic delivery, the attachment scan can take around 30 minutes. It just says scan in progress. This is way too long and severely impedes the workflow in a fast-paced environment where the scans are needed the most. They should be designed to scan instantly.

    47 votes
    0 comments
  20. Re-enable the Exchange Online Activities API (Magic Unicorn)

    Please re-enable the Exchange Online Activities API that allows for forensic investigation of Business E-mail Compromise incidents.

    Business E-mail Compromise is a very serious and active threat for all organizations. By default, Office 365 provides very little auditing capability to investigate this type of incident. Exchange Online mailbox auditing must be proactively enabled by the customer before the breach if they wish to get this level of auditing data.

    On June 18, 2018 it was publicly discovered that Microsoft does maintain this audit data even without the customer enabling it. It was available to all Office 365 customers via this…

    289 votes
    1 comment  ·  Auditing