Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

• Advanced Threat Protection Whitelist 2019

  ATP needs a way to whitelist inbound email (IP or domain) from being quarantined as malware. Back in 2016 this issue was resolved by adding Exchange mail flow rules to add headers. However, this method no longer works, and Microsoft support (ticket 12611412) confirms that ATP filters before mail rules are applied, and there is no way to whitelist inbound IPs to bypass ATP malware filtering. The only option in the settings is based on recipient. In my case, I want to whitelist to allow a Security Awareness Training provider to send test emails to our users. ATP is incorrectly…

  78 votes · 8 comments · Malware
• Re-enable the Exchange Online Activities API (Magic Unicorn)

  Please re-enable the Exchange Online Activities API that allows for forensic investigation of Business E-mail Compromise incidents.

  Business E-mail Compromise is a very serious and active threat for all organizations. By default, Office 365 provides very little auditing capability to investigate this type of incident. Exchange Online mailbox auditing must be proactively enabled by the customer before the breach if they wish to get this level of auditing data.

  On June 18, 2018 it was publicly discovered that Microsoft does maintain this audit data even without the customer enabling it. It was available to all Office 365 customers via this…

  223 votes · 1 comment · Auditing
• Block email if manager attribute is empty in message approvals

  The message approval action in a transport rule will check for an empty manager attribute and, if the manager attribute is empty, will block or reject the message.

  36 votes
• Allow Partners to access the Security and Compliance Center

  Please grant Partners the ability to access the Security and Compliance Center through the Partner Admin portal.

  257 votes · 8 comments
• Provide proper controls to meet data retention requirements by blocking users from joining third-party teams

  Many industries require the monitoring and retention of communications on sanctioned platforms like Teams. Things like the Investment Advisers Act (SEC rule 204-2) require that companies monitor and retain communication channels used by and for the business. Teams is a great communication tool, but lacks the controls to block users from being invited to outside teams (via their corporate sign-on!). Once a user joins another team they are bypassing all of the compliance / retention policies of their corporate tenant where their ID is owned and managed. This is so bizarre! Tenant restrictions do work (blocking sign-in as long as…

  53 votes · 0 comments
• More details in message trace (client type and message class)

  On on-prem Exchange servers, there is valuable information showing what client was used to send a message or meeting (like AirSync or MOMT, etc.) and the message class (like IPM.Note or IPM.Schedule.Meeting.Request, etc.).
  This has proven to be valuable in determining some mail flow issues and would also be valuable information in the Office 365 message trace.
  Thank you.

  122 votes · 0 comments · Message Trace
• Enable the encrypt button in Outlook for Business Premium subscriptions

  Enable the OME encrypt button in Outlook for users with Business Premium with OME bolted on. This appears in OWA, so why shouldn't it also be available in Outlook? If you are paying for the licence you should get the tools you need to use it.

  29 votes · 1 comment · Message Encryption & Rights Management
• OneDrive Content search across Geos

  Currently, performing a content search of OneDrives across a multi-geo environment isn't possible; it only searches the default geo, not satellite geos. If you create a security compliance filter targeted at your satellite geo and put the eDiscovery person in the role, then they can search that satellite geo. Please update OneDrive content search to search across geos the same way that an Exchange mailbox search works, without requiring adding/removing them from security compliance filters. (This workaround was the result of working with Microsoft Premier support, so it's legit.)

  48 votes · 0 comments · eDiscovery
• Alert Policy for Inbox Rule Creation/Deletion/Modification

  Currently O365 has an alert for forwarding/redirect rules within the Security and Compliance Center. Considering that most phishing campaigns are crafted with someone setting up inbox rules to move messages to another folder which are monitored, creating a man-in-the-middle attack, it would benefit tremendously to be alerted whenever a user creates/deletes/modifies an inbox rule, to prevent attacks before they happen.

  22 votes · 3 comments · Spam & Phishing
• Improve spam (phishing) recognition: multiple senders bypass SPF

  Analyzing several phishing emails, I found that those emails are based on non-RFC-compliant emails using 2 sender addresses.

  MAIL FROM: <wicked@spam.com>
  From: Display Name <good@wellknown.com> <wicked@spam.com>
  (no Sender field)

  The trick is to bypass SPF validation.
  It is allowed to have multiple sender addresses, but the usage in the example above is not RFC conformant. My guess is that the spam engine is expecting RFC-conformant messages.
  I have plenty of phishing messages in my inbox using exactly this technique. None of them is marked as spam. I can not think of any "legal"…

  20 votes · 2 comments · Spam & Phishing
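The header shape quoted in the post above, checked in code. This is an added example, not part of the UserVoice page and not Microsoft's filter logic: it pulls every address out of the From header (a well-formed single-sender message has exactly one) and then compares the domain the user sees with the SMTP MAIL FROM domain that SPF actually validated. The three sample messages are constructed, and the alignment rule is a simplified form of DMARC relaxed alignment (real DMARC uses the Public Suffix List to find the organizational domain).

```python
"""Detect a From header carrying more than one address and check alignment
between the SMTP MAIL FROM (what SPF validates) and the RFC 5322 From header
(what the recipient sees). Added example; samples are constructed."""
import re
from email import message_from_string

# "<local@domain>" inside angle brackets, and a bare "local@domain" with no brackets
ANGLE_ADDR = re.compile(r'<\s*([^<>\s@]+@[^<>\s@]+)\s*>')
BARE_ADDR = re.compile(r'[^\s<>,"@]+@[^\s<>,"@]+')


def from_addresses(header_value):
    """Every address present in one From header value, lower-cased.
    A normal message has exactly one; the phishing sample has two."""
    found = ANGLE_ADDR.findall(header_value) or BARE_ADDR.findall(header_value)
    return [a.lower() for a in found]


def domain_of(addr):
    return addr.rsplit('@', 1)[-1].lower()


def aligned(from_domain, mail_from_domain):
    """Relaxed alignment, approximated: identical domains or a subdomain relationship."""
    return (from_domain == mail_from_domain
            or from_domain.endswith('.' + mail_from_domain)
            or mail_from_domain.endswith('.' + from_domain))


def check_message(raw, mail_from):
    """Verdict for a raw RFC 5322 message plus its envelope sender.
    'reject' when the From header does not carry exactly one address (DMARC,
    RFC 7489 section 6.6.1, expects receivers to reject or fail such messages);
    otherwise 'pass' or 'fail' on domain alignment."""
    msg = message_from_string(raw)
    headers = msg.get_all('From') or []
    addrs = [a for h in headers for a in from_addresses(h)]
    verdict = {'from_addresses': addrs, 'mail_from': mail_from.lower()}
    if len(headers) != 1 or len(addrs) != 1:
        verdict.update(result='reject', reason='From header does not contain exactly one address')
        return verdict
    if aligned(domain_of(addrs[0]), domain_of(mail_from)):
        verdict.update(result='pass', reason='From domain aligned with MAIL FROM domain')
    else:
        verdict.update(result='fail', reason='From domain not aligned with MAIL FROM domain')
    return verdict


# Constructed samples. PHISH reproduces the header shape quoted in the post:
# the envelope sender is the spammer's own domain, so a plain SPF check passes.
PHISH = ("From: Display Name <good@wellknown.com> <wicked@spam.com>\r\n"
         "To: victim@example.org\r\nSubject: Invoice\r\n\r\nPlease pay.\r\n")
PHISH_MAIL_FROM = "wicked@spam.com"
LEGIT = "From: Display Name <good@wellknown.com>\r\nTo: victim@example.org\r\n\r\nHi\r\n"
LEGIT_MAIL_FROM = "bounces@mail.wellknown.com"
SPOOF = "From: good@wellknown.com\r\nTo: victim@example.org\r\n\r\nHi\r\n"
SPOOF_MAIL_FROM = "wicked@spam.com"

if __name__ == "__main__":
    for raw, envelope in ((PHISH, PHISH_MAIL_FROM), (LEGIT, LEGIT_MAIL_FROM), (SPOOF, SPOOF_MAIL_FROM)):
        print(check_message(raw, envelope))
```

The regexes are used instead of `email.utils.getaddresses` on purpose: recent Python releases return `[('', '')]` for a malformed multi-address header in strict mode while older ones return both addresses, and the check should not change verdict with the interpreter version.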
• Enable language support for Policy Tips in DLP/Security & Compliance

  Need the possibility to have Policy Tips for DLP rules in multiple languages when created in Office 365 Security & Compliance (as you can do in Exchange Online Admin). The policy tip should match the language you have in Office. Now it's mixed, with the static text in the Policy Tip and the custom text you have entered in the rule.

  51 votes · 5 comments · DLP & Transport Rules
• Add ability to deny EWS and MAPI clients using Basic Authentication, with Client Access Rules for Exchange Online

  Currently, MFA for Azure AD / O365 is useless regarding protection of mailboxes in Exchange Online, as EWS and MAPI clients can still connect to mailboxes using Basic Authentication, even with Conditional Access rules in place to require MFA, and there's no way of denying this server-side on EXO.

  The newly-released Client Access Rules feature promises this functionality in its documentation (see https://technet.microsoft.com/library/mt842508.aspx and https://technet.microsoft.com/en-us/library/dn913650(v=exchg.160).aspx), but unfortunately the functionality is crippled. You can only make rules in the following combinations (info from EXO Engineering team):

  OutlookWebApp: BasicAuthentication, AdfsAuthentication
  ExchangeAdminCenter: BasicAuthentication, AdfsAuthentication
  RemotePowerShell: BasicAuthentication, NonBasicAuthentication
  ExchangeActiveSync: BasicAuthentication, OAuthAuthentication, CertificateBasedAuthentication
  IMAP4/POP3/OfflineAddressBook/PowerShellWebServices/ExchangeWebServices/REST:…

  369 votes · 10 comments · Advanced Security Management

  Admin response: Thanks for taking the time to provide this feedback. We’ve updated the TechNet documentation (https://technet.microsoft.com/library/mt842508(v=exchg.150).aspx) to clear up confusion around which authentication type and protocol combinations are supported in CARs. Expanding support for more combinations could prevent bad actors with valid credentials from accessing mailbox content, but it wouldn’t help with scenarios like password spray attacks or malicious lockout attempts because CARs are evaluated post-authentication. There’s work underway on a solution that covers a broader array of basic authentication scenarios – we’ll share more details as soon as possible. In the interim, this blogpost (https://cloudblogs.microsoft.com/enterprisemobility/2018/03/05/azure-ad-and-adfs-best-practices-defending-against-password-spray-attacks/) outlines the recommended approach for forcing multi-factor authentication when using AAD and ADFS.
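Before basic authentication can be blocked for EWS, MAPI and the other legacy protocols discussed in the post above, an admin needs to know which accounts still use them, and the admin response points out that a post-authentication control cannot stop password spraying. The following is an added example, not code from the UserVoice page or from Microsoft: it inventories legacy-protocol sign-ins from Azure AD sign-in records and flags source IPs that failed against several accounts. Field names follow the Microsoft Graph signIn resource (userPrincipalName, clientAppUsed, conditionalAccessStatus, ipAddress, status.errorCode); the set of clientAppUsed values treated as legacy is an assumption to verify against your own tenant's logs, and the sample records are constructed.

```python
"""Inventory legacy (basic-auth) protocol use and spot spray sources in Azure AD
sign-in records. Added example; the legacy client-app list is an assumption and
the sample records are constructed."""
import json
from collections import defaultdict

# clientAppUsed values assumed to mean the client did not present a modern-auth token
LEGACY_CLIENT_APPS = {
    "Exchange ActiveSync", "Exchange Web Services", "Exchange Online PowerShell",
    "IMAP4", "POP3", "SMTP", "Authenticated SMTP", "MAPI Over HTTP",
    "Offline Address Book", "Autodiscover", "Other clients",
}


def _records(signin_lines):
    """One JSON sign-in record per non-empty line."""
    for line in signin_lines:
        line = line.strip()
        if line:
            yield json.loads(line)


def is_legacy(record):
    return record.get("clientAppUsed") in LEGACY_CLIENT_APPS


def failed(record):
    # errorCode 0 is a successful sign-in; anything else is a failure
    return record.get("status", {}).get("errorCode", 0) != 0


def legacy_auth_report(signin_lines):
    """Per-user summary of legacy-protocol sign-ins: which protocols, how many
    successes and failures, from which IPs, and how often Conditional Access
    did not apply (the gap the post describes)."""
    report = defaultdict(lambda: {"apps": set(), "successes": 0, "failures": 0,
                                  "ips": set(), "ca_not_applied": 0})
    for rec in _records(signin_lines):
        if not is_legacy(rec):
            continue
        entry = report[rec["userPrincipalName"].lower()]
        entry["apps"].add(rec["clientAppUsed"])
        entry["ips"].add(rec.get("ipAddress", ""))
        if failed(rec):
            entry["failures"] += 1
        else:
            entry["successes"] += 1
        if rec.get("conditionalAccessStatus") == "notApplied":
            entry["ca_not_applied"] += 1
    return dict(report)


def spray_sources(signin_lines, min_users=3):
    """IPs whose failed legacy-protocol sign-ins hit at least `min_users` distinct
    accounts: one password tried against many users is the spray pattern that a
    post-authentication rule such as a CAR never sees."""
    users_by_ip = defaultdict(set)
    for rec in _records(signin_lines):
        if is_legacy(rec) and failed(rec):
            users_by_ip[rec.get("ipAddress", "")].add(rec["userPrincipalName"].lower())
    return {ip: sorted(users) for ip, users in users_by_ip.items() if len(users) >= min_users}


# Constructed sign-in records (errorCode 50126 is Azure AD's invalid-credentials code).
SAMPLE_SIGNINS = r'''
{"createdDateTime":"2018-06-14T07:01:00Z","userPrincipalName":"alice@example.com","clientAppUsed":"Browser","conditionalAccessStatus":"success","ipAddress":"192.0.2.10","status":{"errorCode":0}}
{"createdDateTime":"2018-06-14T07:02:00Z","userPrincipalName":"alice@example.com","clientAppUsed":"Exchange Web Services","conditionalAccessStatus":"notApplied","ipAddress":"192.0.2.10","status":{"errorCode":0}}
{"createdDateTime":"2018-06-14T07:03:00Z","userPrincipalName":"bob@example.com","clientAppUsed":"IMAP4","conditionalAccessStatus":"notApplied","ipAddress":"198.51.100.5","status":{"errorCode":50126}}
{"createdDateTime":"2018-06-14T07:03:05Z","userPrincipalName":"carol@example.com","clientAppUsed":"IMAP4","conditionalAccessStatus":"notApplied","ipAddress":"198.51.100.5","status":{"errorCode":50126}}
{"createdDateTime":"2018-06-14T07:03:09Z","userPrincipalName":"dave@example.com","clientAppUsed":"IMAP4","conditionalAccessStatus":"notApplied","ipAddress":"198.51.100.5","status":{"errorCode":50126}}
{"createdDateTime":"2018-06-14T07:10:00Z","userPrincipalName":"dave@example.com","clientAppUsed":"Mobile Apps and Desktop clients","conditionalAccessStatus":"success","ipAddress":"203.0.113.8","status":{"errorCode":0}}
'''

if __name__ == "__main__":
    for user, entry in sorted(legacy_auth_report(SAMPLE_SIGNINS.splitlines()).items()):
        print(user, sorted(entry["apps"]), entry["successes"], entry["failures"], entry["ca_not_applied"])
    print(spray_sources(SAMPLE_SIGNINS.splitlines()))
```

Alice is the case the post is about: a modern-auth browser sign-in that satisfied Conditional Access, followed by an EWS sign-in where it was not applied at all. The three IMAP failures from one address against three different users are what the admin response calls a password spray, and they show up only in the failed sign-ins, never in anything a rule evaluated after a successful authentication could match.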

• Creation of forwarding/redirect rule

  So last night this rule triggered for the first time; I wasn't really aware of it in the first place.

  Severity: Low
  Time: 6/13/2018 10:00:00 PM (UTC)
  Activity: MailRedirect
  User: person@email.com
  Details: MailRedirect. This alert is triggered whenever someone gets access to read your user's email.
  Description: This alert is triggered when someone in your organization creates an email forwarding or redirect inbox rule using Outlook web app or PowerShell - V1.0.0.2

  Now to me this is an incredibly frightening message to receive, since this person has access to extremely sensitive financial information. So since I was thinking this person had been compromised, I…

  69 votes · 13 comments · Compliance Manager
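The two inbox-rule posts above (the request for an alert on every inbox rule creation/deletion/modification, and this report of the existing forwarding/redirect alert firing with nothing to triage it) both come down to reading the rule change out of the audit log and deciding how bad it is. The following is an added example, not code from the UserVoice page or from Microsoft: it takes Exchange Online unified audit log records, keeps the inbox-rule operations, and rates each one by whether the rule sends mail out of the mailbox or hides it from the user. The record layout (Operation, UserId, ClientIP, and Parameters as Name/Value pairs) follows the AuditData JSON that Search-UnifiedAuditLog returns for Exchange admin events; the folder list is an assumption based on common attacker practice, and the sample records are constructed, not real tenant data.

```python
"""Rate inbox-rule changes from Exchange Online unified audit log records.
Added example; record shape follows AuditData JSON, samples are constructed."""
import json

RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Remove-InboxRule", "UpdateInboxRules"}
# Parameters that send a copy of mail outside the mailbox
EXFIL_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
# Folders attackers commonly pick to hide replies they are intercepting (assumed list)
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "deleted items", "junk email",
                  "archive", "conversation history", "notes"}


def params_of(record):
    """Flatten the Name/Value parameter list into a dict of strings."""
    return {p["Name"]: str(p["Value"]) for p in record.get("Parameters", [])}


def classify(record):
    """Return (severity, reasons) for one AuditData record.
    severity is None when the operation is not an inbox-rule change."""
    op = record.get("Operation")
    if op not in RULE_OPERATIONS:
        return None, []
    params = params_of(record)
    reasons = []
    for name in sorted(set(params) & EXFIL_PARAMS):
        reasons.append(f"{name}={params[name]}")            # mail leaves the mailbox
    folder = params.get("MoveToFolder", "")
    if folder.lower() in HIDING_FOLDERS:
        reasons.append(f"MoveToFolder={folder}")               # mail hidden from the user
    if params.get("DeleteMessage", "").lower() == "true":
        reasons.append("DeleteMessage=True")
    if reasons:
        return "high", reasons
    if op == "Remove-InboxRule":
        return "medium", ["rule removed"]                      # possible attacker clean-up
    return "low", [f"{op} with no forwarding or hiding behaviour"]


def triage(audit_lines):
    """Parse one JSON AuditData record per line; return the rule events with a verdict."""
    findings = []
    for line in audit_lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        severity, reasons = classify(rec)
        if severity is None:
            continue
        params = params_of(rec)
        findings.append({
            "time": rec.get("CreationTime"),
            "user": rec.get("UserId"),
            "client_ip": rec.get("ClientIP"),
            "operation": rec["Operation"],
            "rule": params.get("Name") or params.get("Identity"),
            "severity": severity,
            "reasons": reasons,
        })
    return findings


# Constructed records: an external forward that also deletes, a rule parking
# invoice mail in RSS Feeds, a harmless edit, a rule removal, and a non-rule event.
SAMPLE_AUDIT = r'''
{"CreationTime":"2018-06-13T22:00:00","Operation":"New-InboxRule","UserId":"person@example.com","ClientIP":"203.0.113.10","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"dropbox@attacker.example"},{"Name":"DeleteMessage","Value":"True"}]}
{"CreationTime":"2018-06-14T08:12:00","Operation":"New-InboxRule","UserId":"finance@example.com","ClientIP":"198.51.100.7","Parameters":[{"Name":"Name","Value":"Invoices"},{"Name":"SubjectContainsWords","Value":"invoice;payment"},{"Name":"MoveToFolder","Value":"RSS Feeds"},{"Name":"MarkAsRead","Value":"True"}]}
{"CreationTime":"2018-06-14T09:30:00","Operation":"Set-InboxRule","UserId":"helpdesk@example.com","ClientIP":"192.0.2.5","Parameters":[{"Name":"Identity","Value":"Newsletters"},{"Name":"MoveToFolder","Value":"Reading"}]}
{"CreationTime":"2018-06-14T10:05:00","Operation":"Remove-InboxRule","UserId":"person@example.com","ClientIP":"203.0.113.10","Parameters":[{"Name":"Identity","Value":"."}]}
{"CreationTime":"2018-06-14T10:06:00","Operation":"MailItemsAccessed","UserId":"person@example.com","ClientIP":"203.0.113.10"}
'''

if __name__ == "__main__":
    for finding in triage(SAMPLE_AUDIT.splitlines()):
        print(finding["severity"], finding["user"], finding["operation"], finding["rule"], finding["reasons"])
```

The first record is the shape behind the MailRedirect alert in the post: a rule named "." that forwards externally and deletes the original, so the mailbox owner never sees the intercepted mail. The second never forwards anything and so would not trigger the existing forwarding/redirect alert at all, which is the gap the first post asks to close. Keeping ClientIP in the finding lets the responder compare the rule's source address with the user's usual sign-in locations before deciding whether the account is compromised.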
• Add download option to the Forwarding Report

  The recent addition of Mail Flow insights to the Security & Compliance Centre is helpful. But the Forwarding Report is missing the facility to download the data, or to schedule the creation of a report on forwarding.

  Can you please look at the option to either allow the data to be downloaded, or for a report to be created/scheduled.

  Thanks

  97 votes · 7 comments · Message Trace
• Enable TLS 1.3 support

  Please enable TLS 1.3 support.
  This will improve RTT times and improve privacy.

  53 votes · 0 comments · Privacy
• Replace Captcha on passwordreset.microsoftonline.com

  The captcha on passwordreset.microsoftonline.com is extremely difficult to read for the average user and requires many refresh clicks to get a readable captcha. This is anti-customer and will become a problem with our non-technical users. The captcha used looks like something from a decade ago. There are better alternatives out there, please use them.

  27 votes · 5 comments
• Fix the Unusual Volume of File Deletion Alert

  Our Office 365 tenant is generating 20+ of these alerts to our admins every day and every time we investigate, it is always the same story: the user is cleaning out old files or moving them from OneDrive to SharePoint. This alert needs some serious attention or organizations affected will just disable it.

  15 votes · 2 comments · Advanced Security Management
• Allow for redirect without credential prompt in O365 spear phishing attack simulator

  In the spear phishing scenario in the O365 attack simulator there should be an option to redirect to the user-defined landing page without first asking for credentials from the users.
  The reason for this is two-fold:
  1) We want to use the attack simulator to train our users to detect phishing. If they click the link we want them to land on a page with learning material showing the phishing indicators they should have noticed. If they first must enter credentials we will lose many users who click the link but stop on the credential prompt, and for those who…

  16 votes · 0 comments
• Phishing attacks using Office 365 compromised accounts / ATP Safe Links not working

  Hello Microsoft ATP Team,

  This is to bring to your notice that spammers/phishers have started targeting Office 365 tenants, which creates a mail loop between Office 365 hosted domains, and these emails are getting circulated, through which accounts get compromised. We had a lot of incidents happening in our environment. As these emails are generated from an actual account hosted in Office 365, the emails are considered safe and land in users' inboxes. We have an ATP Safe Links policy in place; however, it's not performing the job as expected. ATP is a great feature but we request…

  539 votes · 24 comments · Spam & Phishing
• Create DLP Policy Based on Sensitivity Label

  Create a DLP policy where you can add the sensitivity label to it, because currently only sensitive info types and retention labels can be added.

  39 votes · 0 comments · DLP & Transport Rules