Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Report all attachments scanned by Advanced Threat Protection Safe Attachments

    Currently reporting for Safe Attachments only shows malicious files. This makes it difficult to verify that Safe Attachment scanning is working as intended. It would be beneficial to be able to verify in a report detail regarding all attachments that have been scanned and marked as safe.

    This idea stems from a situation were Advanced Threat Protection was not scanning attachments for a tenant despite being configured to do so. Without checking through message traces or verifying with end users it was not possible to verify if it was working or not. The issue was further complicated as the reporting…

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  2. secure score filter by user licence

    Should be able to filter secure score recommendations based on the licence types within the tenant. For example, If the tenant is primarily an Office 365 / EMS E3 User base, you should be able to choose to ignore all Office 365 / EMS E5 User base security recommendations.

    Raised from Tech Community request

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  3. Defender ATP Columns for machine lists view

    if we can add the columns for most logged in user and last logged in user, this will make the tool even better when we pull a report for looking for a compromised end user quickly.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  4. Alert Excessive User Messages

    It is known with Exchange Online when a user sends excessive emails that their account will be blocked to prevent blacklisting. However there are no reports available for administrators to see this prior to the incident, Need a report option that as admins we can set a criteria on the number of emails sent from a mailbox prior to reaching the quota created by Microsoft. For example, more than 50 emails in 5 minutes, an alert would be triggered sending an email to an administrator.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  5. Make Audit Log Data Readable to Business Users

    The exported reports do not explain where something was accessed in any way that makes sense to business users, even the IT guys are struggling to read these reports. Please can an additional column be added only displaying the URL to the content accessed. The User ID and Operation columns are perfect, it's the Audit Data column that makes no sense.

    {"CreationTime":"2019-01-17T11:55:03","Id":"f8431c84-239b-4a78-6da2-08d67c729d8a","Operation":"SearchQueryPerformed","OrganizationId":"69193fbf-a336-4e0b-a500-e844e117162a","RecordType":4,"UserKey":"i:0h.f|membership|10030000aa36ae9d@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.109.108.43","ObjectId":"c4c7db9b-5533-4d9c-b9c1-182341a63832","UserId":"name@company.com","CorrelationId":"c4c7db9b-5533-4d9c-b9c1-182341a63832","EventSource":"SharePoint","ItemType":"Web","UserAgent":"MRU Service","EventData":"<ClientType>DocsSharedWithMe<\/ClientType>"}

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  6. License report

    Create license reports per O365 subscription. example: E1, E3, Project Online, Visio, Power BI, E5, etc? with end user login, UPN, Country, purchase date, last usage date.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  7. I would like to use activity report to retrieve activities which performed in OneDrive for Business

    It would be great if ODfB activity report can retrieve activities which specifically performed in ODfB because, the report always includes ODfB related activities which has been done in Microsoft Teams as well; such as file sharing.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  8. Retrieve the number of activities performed in SPO only

    I would like to retrieve the accurate number of activities which performed on SPO; because current activity report for SPO includes file sharing activities which operated in Microsoft Teams as well.
    I would like to see the activity counts in SPO only.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  9. Need to fetch report of outbound spam report which contains mails only delivered from HRDP (High Risk Delivery Pool)

    We had received outbound spam mails report, and there we have found all mails of outbound spam mail, but we want to filter those mails which only delivered from HRDP (High Risk Delivery Pool).

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  10. Secure score - subjects that doesn't account in your orgs environment

    Would be great if the secure score would be so interactive that it would take hight for the conditions in the tenant. For example if the tenant is cloud only, why is there still a score to enabled password hash sync in the tenant

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  11. Secure Score - Doesn't take in account for CA policies

    The secure that rules if you have enabled MFA in you organization doesn't take account for if you are utilzing MFA via CA. Please score after this

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  12. The captcha of portal https://sender.office.com/ not working !

    The captcha of portal https://sender.office.com/ not working !
    the captcha is almost illegible and always answers that it is wrong.
    maybe you do it on purpose?

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  13. To be able to generate/export an Executive Report for Clean, Spam, Phishing and Malware Emails

    To be able to generate/export an Executive Report for Clean, Spam, Phishing and Malware Emails

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  14. More information on Impossible Travel email for end user

    We get the impossible travel alert triggered a lot as many of our people use a VPN for security as they travel a lot. This is great as sometimes it really is a legitimate attack on their account. So as part of this, in case we miss one, i have set the alert up to also email the end user in question so they can let us know if we need to investigate it further or not.

    I had one of the emails forwarded to me today and there is absolutely nothing useful on it. Is there anyway we can…

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  15. Real-time Logging within Auditing

    Audit logs in the security & compliance center are not populated or refreshed in real-time. Waiting for the audit logs to populate which could take up to 24 hours makes it ineffective with delayed data in order to track down issues/user activity/attacks/etc.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  16. Generic guest link report

    Ability to create a report that details every generic guest link created, including creation date and the person who created it. This is important to my organization because we want to disable guest links going forward, need to contact users who created them and give them a drop-dead date to replace them. Finally, we would need a means to delete the guest links.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  17. Specify the applied entity in the "Activity Map" on the Cloud App Security dashboard

    "Activity" on the world map might indicate "activities" as defined in the other reports on the dashboard about user activity. However it seems that the applied entity in the "Activity map" is defined as "active users with any number of activities (including any number of logins) during the specified time interval".
    A clarification about the definition and applied entity on the "Activity map" as well as in the documentation would be helpful and appreciated.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  18. Email reporting of Mailbox Usage Report

    We require the ability to have a weekly (or daily) report emailed to a chosen Administrator / user that gives a breakdown of Mailbox Usage (Storage Used / Quota Status / Issue Warning Quota / Prohibit Sent Quota / Prohibit Sent / Receive Quota)

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  19. allow send report email to distribution groups instead of individual users.

    Reports in Security and Compliance portal can be sent to individual users only. Distribution groups cannot be selected as recipients. Using groups would be a much easier solution for all admins

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  20. Make the Exchange email activity report to obtain specific data

    I would like the Exchange email activity report to output data including earlier than 180 days, also I would like to list activities taken within JST time zone and other time zone separately.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base