Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow attack simulator to record results on non Azure joined devices

    We are trying to run the attack simulator in a hybrid environment but noticed it only records the results of users who opened an attachment if their device is joined to Azure. We currently have our iPhones joined so that test works but since our laptops/desktops are not joined to Azure we are unable to see the results. This is also an issue when using OWA.

    148 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Please add more Phishing Templates for Attack Simulator

    Please add additional Phishing Templates, or create a GitHub repository for the community to collaborate on phishing templates. Other solutions have rich libraries so if Microsoft wants to compete with other phishing simulators, it really needs more choices.

    69 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Enhanced Email Phishing Warning Banner Capability

    Currently, you can create a transport rule in Exchange Online that appends a banner to emails. This is commonly used to notify recipients that the email is from an external sender, to warn them it may be a phishing attack if the person is spoofing an internal sender. Tool tips can also be used, but these are not as customizable and don't show in all clients. Please develop a native capability that allows further customizing and a more intelligence warning banner to be inserted into emails. For example, some 3rd party services have the ability to scan a mailbox to…

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Keep search-mailbox

    Microsoft announced its intention to retire legacy eDiscovery tools on 4/1/2020. We would like to see search-mailbox kept in service at least until all functionality has transitioned to other cmdlets. Search-mailbox is great for determining where a message is in a mailbox. It’s also the fastest tool for retrieving a message from a mailbox for analysis. Granting mailbox access or using content search is not as efficient.

    Please help us keep this cmdlet alive!
    https://docs.microsoft.com/en-us/microsoft-365/compliance/legacy-ediscovery-retirement

    127 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  5. end user ability check status of IP blacklist

    How end user can check status of IP blacklisted by O365 anti-spam engine.

    Do we have portal available publicly.

    For example: below MXTOOLBOX portal gives you ability to check IP blacklist status on different anti-spam engine.
    https://mxtoolbox.com/blacklists.aspx

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Report Message Add-in for GCC

    Seems pretty odd that the report message add-in doesn't work in government tenants. It is definitely something that should be enabled.

    100 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Enable DKIM for Office 365 Home with custom email domain

    The Office 365 Home subscription allows you to use your your own email domain. However, there is no option to enable DKIM and without it, outgoing email often ends up in the recipient's Spam folder, making the custom email domain capability useless.

    Please expose the DKIM setting on the UI for O365 Home subscribers.
    The feature itself is already implemented and available in the Business edition, but requires the Admin panel which does not exist in Office 365 Home.

    https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/38177803-enable-dkim-for-office-365-home-with-custom-email

    96 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Quarantine notification emails: please change it back.

    The new Quarantine notification emails are not useful.
    The layout is very inefficient with screen real estate and difficult to read on a computer, and unreadable on a smartphone.
    Also, end users need the ability to release valid emails directly from the Notification message on a smartphone, instead of forcing them to log into the Quarantine web page (which is also unusable on a smartphone).

    83 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. Emails being incorrectly flagged as High Confidence Phishing emails being dumped into Quarantine by default

    Currently we have an issue where inbound mails are being intermittently marked as High Confidence Phishing emails, including emails from Microsoft support!

    These are simply going into quarantine, with no end user notifications and no notification of delayed delivery of the sender.

    I have modified the default spam filter policy to put them into Junk Email - but this is a huge issue as if the default spam filter policy does this, hundreds of thousands of emails are being incorrectly quarantined every day!!

    Please look at this urgently.

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  10. report phish

    When a user uses the Report Message add-in in Outlook to report a phishing message, it triggers all kinds of excellent Automated Investigation and Response things - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/automated-investigation-response-office?view=o365-worldwide#example-a-user-reported-phish-message-launches-an-investigation-playbook -

    However, we currently use a 3rd-party tool to report Phishing messages (KnowBe4 Phish Alert) because it can give the User positive reinforcement for reporting KnowBe4's test messages.
    I set up the KnowBe4 to also report to phish@office365.microsoft.com , but this does not trigger the Automated Investigation - although we usually do see a PhishZAP investigation a little bit later (presumably after the exchange backend has had time to crunch through the…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Exchange Transport Rule for spoofed email using compauth reason code within Authentication-Results header

    When DMARC isn't enforced to restrictive policy yet for any domain, some illegitimate spoof will still go through and some other legit emails, sent by partners must not be blocked.
    It could be easier and reduce the amount of false positive if we could use the "CompAuth" value within the Authentication-Results.
    https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-message-headers?view=o365-worldwide

    When you check spoofed email header such as the one under :
    - Authentication-Results spf=[...]; dmarc=fail action=none header.from=mydomain;compauth=fail reason=001
    you'll notice the compauth and reason at the end. Today, we are not able to match them.

    Composite authentication is usually set to none or fail for spoofed email…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. Release Quarantined Emails From Threat Explorer

    When working primarily out of the Threat Explorer, you can identify emails that have been quarantined. However, releasing or deleting those emails can only be done when manually navigating to the quarantine page. You should be able to release/delete these messages via the Threat Explorer rather than having to work out of different areas to complete this.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Customize Alert Policies

    Allow for exceptions to Alert Policies. For example, the “Phish URLs Removed After Delivery” rule is prone to False Positives. Being able to exclude addresses from the Alert would increase the fidelity of the Alert.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Safe Links User Clicks

    In the Threat Explorer, the “User Clicks” tab displays when a URL was accessed in an email. However, you can not see which user clicked the email when multiple results are displayed. Displaying the username of who clicked the link would help with remediation for that user.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Message Trace Details in the Threat Explorer

    Including the data displayed in a Message Trace within the Threat Explorer would be useful when troubleshooting email issues. For example, the Message Trace shows what DLP/Mail Flow rules were applied to an email. Our organization works primarily out of the Threat Explorer, so being able to get this data without having to work out of multiple areas in the Security & Compliance Center would be helpful.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow customized content filtering

    Create a section in the anti-spam policy where you can add custom keywords that can be marked as spam. This can currently be done via a mail-flow rule, but having it available in the anti-spam policy would have less potential impact than a mail-flow rule. Also, being able to add additional file extensions to the anti-malware policy would be useful. It currently only allows you to filter extensions from a predefined list.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Enable Commenting for Allow/Block List Entries

    Allow for commenting when making entries into the Allow/Block lists in the Anti-Spam & Connection Filter policies. These lists are large for our organization and we have to maintain an external list to reference why an entry was made. Being able to reference a reason of why the entry was added within the console would be a huge time saver when performing maintenance.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow end users to release, delete, report via End User Spam Notification

    Recently, End User Spam Notification was modified and now end users are unable to "Release", "Block" quarantined spam emails from End User Spam Notification mail.

    I understand that end users must navigate to Security Compliance Center to do so, but I would like to do so from End User Spam Notification mail, so I want an option to bring back the old style End User Spam Notification.

    68 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. There doesn't appear to be any way to add the sender of a quarantined message to an approved sender list (i.e. whitelist).

    I have automated e-mails I receive a several times a day. They always get erroneously quarantined as phishing attempts. In Outlook I can "Block Sender" or "Never Block Sender", but I have no way to do the equivalent of "Never Block" senders in O365. I have no way to whitelist these "phishy looking" legitimate e-mails.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow administrators to have an approved domains to bypass the automatic forwarding block

    With the new change to the Outbound spam filter policy, we are finding that we have a number of customers with sub companies on different tenants that are being caught by the new auto forward block as they are seen as external domains.

    It would be nice to be able to specify an approved set of domains for the Automatic Forwarding to allow email to bypass the blocking as needed but continue to block the rest.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 20 21
  • Don't see your idea?

Feedback and Knowledge Base