
Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾ Check out the ideas others have suggested and vote on your favorites
◾ If you have a suggestion that’s not listed yet, submit your own (25 words or less, please)
◾ Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

  1. EMS Suite Licensing should be free for Government Tenants

    Government IT shops are an entirely different beast from your typical commercial customer.

    An IT shop can range in size from 2-3 staff for a small city or 100s or 1,000s for a large city/county/state. Regardless of size in terms of staff or budget, ALL of us have an identical regulatory responsibility.

    Protecting critical infrastructure and services our citizens depend on isn't an optional activity. Why are the necessary tools contained in the EMS licensing suites not made available to Government entities free of charge? These are critical tools which must be utilized in order to best protect the…

    120 votes
    0 comments  ·  Advanced Security Management
  2. Advanced Threat Protection Whitelist 2019

    ATP needs a way to whitelist inbound email (IP or domain) from being quarantined as malware. Back in 2016 this issue was resolved by adding Exchange mail flow rules to add headers. However, this method no longer works, and Microsoft support (ticket 12611412) confirms that ATP filters before mail rules are applied, and there is no way to whitelist inbound IPs to bypass ATP malware filtering. The only option in the settings is based on recipient. In my case, I want to whitelist to allow a Security Awareness Training provider to send test emails to our users. ATP is incorrectly…

    155 votes
    15 comments  ·  Malware
  3. Retention Policy - Office 365 Groups - Separate Deletion settings for Exchange & SharePoint workload

    Retention Policies for Office 365 Groups currently treat all resources the same (i.e. Exchange and SharePoint). We need the ability to configure email items to delete after X years, but not delete documents stored on SharePoint.

    39 votes
    1 comment  ·  eDiscovery
  4. Allow Partners to access the Security and Compliance Center

    Please grant Partners the ability to access the Security and Compliance Center through the Partner Admin portal.

    497 votes
    21 comments
  5. Restrict permissions of app-only based Graph API applications to individual SharePoint Online resources

    Large organizations are starting to leverage the Graph API to provide integrations between their third-party applications and Office 365. When developing daemon-based applications that usually require app-only permissions, we are facing a compliance and permission issue for such types of applications.

    Take SharePoint Online as an example. If a business unit wants to develop a daemon tool between their system and a subset of SharePoint Online sites, this cannot be accomplished without granting them access to all SharePoint assets of the organization.
    Let us assume I am going to build a daemon tool that is allowed to write to…

    31 votes
    1 comment
  6. Increase the ATP Anti-Phishing policy trusted domains limit

    The ATP Anti-Phishing policy trusted domains field has a limit: you can only add up to 20 trusted domains. Once you add more domains, the field starts to turn red, and when you click Save, it shows an error message: "Please complete all required fields". ATP should have a larger limit or a way to extend the limit for the trusted domains.

    39 votes
    0 comments  ·  Advanced Security Management
  7. Know What Inbox Rule is Applied to Sent/Received Mail

    We know what folder the message was routed to, but we aren't able to know what specific inbox rule is applied to that message.

    Knowing what inbox rule is applied to the message would help others with a handful of inbox rules implemented.

    17 votes
    3 comments  ·  Message Trace
  8. Fix enabling the Audit Log via Audit log search

    Fix enabling the Audit Log via Audit log search so that the PowerShell cmdlet "Enable-OrganizationCustomization" does not need to be run manually (it used to happen automatically) and a two-hour wait is not needed after that before the Audit log can be turned on (it used to happen in the same step and take no more than 5-10 minutes total).

    The error is below and doesn't get much more verbose and unfriendly:

    Request: /api/adminauditlogconfig/EnableUnifiedAuditLogIngestion Status code: 500 Exception message: {"Message":"The command you tried to run isn\u0027t currently allowed in your organization. To run this command, you first need to run the command: Enable-OrganizationCustomization.","DiagnosticContext":"{Version:16.00.2956.005,Environment:NCUPROD,DeploymentId:18d19f7d03b848d7a3f3fb735faaefc6,InstanceId:WebRole_IN_2,SID:55fd38f7-f62b-427c-91d7-12d7a11ba643,CID:ad8a7cc4-e1fa-4914-8503-ea4b0f76ba2c}","Time":"2019-03-25T19:02:33.2250755Z","ExceptionType":"Microsoft.Exchange.Configuration.Tasks.InvalidOperationInDehydratedContextException","ExceptionData":{"Source":"AdminAuditLogConfig"}}…

    39 votes
    0 comments  ·  Auditing
  9. Option to change the default organizational mailbox audit settings

    Since January 2019 you have changed the way mailbox auditing works: by default you turned auditing on for mailboxes. See (https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing).
    It would be awesome if we could adjust the default audited actions on an Organizational level.

    I'm talking about a cmdlet (and switches) like:
    Set-OrganizationConfig -AuditAdmin Action, Action, Action -AuditOwner Action, Action -AuditDelegate Action, Action

    19 votes
    1 comment  ·  Auditing
  10. Content search needs more conditions

    1. We need a function to monitor all users who send email to external recipients without cc'ing an internal user.
    2. We need to do the content search by folder; we only want the email in Deleted Items and Purges.

    28 votes
    0 comments  ·  Auditing
  11. Disable hyperlinks in HTML emails

    Have a mechanism to restrict opening hyperlinks in email for a period of time for users who fail phishing simulations in both Outlook client and OWA.

    21 votes
    3 comments  ·  Spam & Phishing
  12. Re-enable the Exchange Online Activities API (Magic Unicorn)

    Please re-enable the Exchange Online Activities API that allows for forensic investigation of Business E-mail Compromise incidents.

    Business E-mail Compromise is a very serious and active threat for all organizations. By default, Office 365 provides very little auditing capability to investigate this type of incident. Exchange Online mailbox auditing must be proactively enabled by the customer before the breach if they wish to get this level of auditing data.

    On June 18, 2018 it was publicly discovered that Microsoft does maintain this audit data even without the customer enabling it. It was available to all Office 365 customers via this…

    266 votes
    1 comment  ·  Auditing
  13. Alert Policy for Inbox Rule Creation/Deletion/Modification

    Currently O365 has an alert for forwarding/redirect rules within the Security and Compliance Center. Considering that most phishing campaigns are crafted with someone setting up Inbox rules to move messages to another folder which are monitored, creating a man-in-the-middle attack, it would benefit tremendously to be alerted whenever a user creates/deletes/modifies an inbox rule to prevent attacks before they happen.

    59 votes
    5 comments  ·  Spam & Phishing
  14. Get a detailed message trace with over 3000 messages included

    Currently, it says:
    If your message trace results exceed 3000 messages for a detailed report, it will be truncated to the first 3000 messages. If you do not see all the results that you need, we recommend that break your search out into multiple queries.

    But we find the report can only include details of 1000 messages. In fact, for the sales department, users will send or receive nearly 1000 emails. Then, it will be quite difficult for us IT staff to check if mail flow is healthy or not (delay issue) within the whole month. We should be able to…

    30 votes
    0 comments  ·  Message Trace
  15. Provide proper controls to meet data retention requirements by blocking users from joining third-party teams

    Many industries require the monitoring and retention of communications on sanctioned platforms like Teams. Things like the Investment Advisers Act (SEC rule 204-2) require that companies monitor and retain communication channels used by and for the business. Teams is a great communication tool, but lacks the controls to block users from being invited to outside teams (via their corporate sign-on!). Once a user joins another team they are bypassing all of the compliance / retention policies of their corporate tenant where their ID is owned and managed. This is so bizarre! Tenant restrictions do work (blocking sign-in as long as…

    65 votes
    0 comments
  16. Block email if manager attribute is empty in message approvals

    The message approval action in a transport rule will check for an empty manager attribute and, if the manager attribute is empty, will block or reject the message.

    36 votes
  17. Policy tips don't work in Outlook for some types of policy

    The documentation on policy tips states that the following tips are not currently supported in Outlook 2013 and beyond:

    We're currently working on support for showing policy tips for additional conditions. These include:

    Any email attachment's content could not be scanned
    Any email attachment's content didn't complete scanning
    Attachment file extension is
    Attachment is password protected
    Document property is
    Recipient domain is
    Sender IP address is

    Support for these tips needs to be added, as this makes the policy much less useful (for example, you can't set an "advisory" policy that attachments shouldn't be sent outside the domain as there…

    73 votes
    1 comment  ·  DLP & Transport Rules
  18. Secure Score filter by user licence

    Should be able to filter Secure Score recommendations based on the licence types within the tenant. For example, if the tenant is primarily an Office 365 / EMS E3 user base, you should be able to choose to ignore all Office 365 / EMS E5 user base security recommendations.

    Raised from Tech Community request

    12 votes
    2 comments  ·  Reports
  19. In ATP, sending notification emails to recipient of the quarantined emails as part of Safe attachment and Anti-Phishing

    In ATP, sending notification emails to recipients of the quarantined emails as part of Safe Attachments and Anti-Phishing has to be implemented. Considering legit emails are being tagged as part of these policies, this feature will help to a great extent in handling clients.

    27 votes
    0 comments  ·  Advanced Security Management
  20. More details in message trace (client type and message class)

    On on-prem Exchange servers, there is valuable information showing what client was used to send a message or meeting (like AirSync or MOMT, etc.), and the Message Class (like IPM.Note or IPM.Schedule.Meeting.Request, etc.).
    This has proven to be valuable in determining some mailflow issues and would also be valuable information in Office 365 message trace.
    Thank you.

    129 votes
    0 comments  ·  Message Trace