Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  1. 3 votes
    1 comment  ·  Malware
  2. Desperate for help... ATP classified our domain as malicious by mistake and that's destroying our company

    Since Saturday, every time anyone with Microsoft ATP enabled clicks on a link from our domain, safe links blocks it and tells them that our site is malicious (which it's not).

    Our domain is marked as safe on all the other security providers we've found. Only Microsoft Advanced Threat Protection is blocking it.

    There has to be a way for Microsoft to fix the issue on their block domain list inside ATP (safelinks).

    With so many Office 365 users in B2B, blocking and pointing a safe company's domain as malicious by mistake causes a really big problem for that company…

    3 votes
    0 comments  ·  Malware
  3. work on it

    improve it

    3 votes
    0 comments  ·  Malware
  4. Advanced Threat Protection Whitelist 2019

    ATP needs a way to whitelist inbound email (IP or domain) from being quarantined as malware. Back in 2016 this issue was resolved by adding Exchange mail flow rules to add headers. However, this method no longer works, and Microsoft support (ticket 12611412) confirms that ATP filters before mail rules are applied, and there is no way to whitelist inbound IPs to bypass ATP malware filtering. The only option in the settings is based on recipient. In my case, I want to whitelist to allow a Security Awareness Training provider to send test emails to our users. ATP is incorrectly…

    313 votes
    23 comments  ·  Malware
  5. EOP - Malware Policy - Add 'Sender/Sender Domain' exclusion/inclusion

    EOP's malware policy allows excluding recipients/recipient domains, but doesn't extend this feature for Sender/Sender Domain. As an example, we have a legitimate sender that sends us '.DOCM' files, however the Malware Policy quarantines it. My workaround is to remove the .DOCM extension from the Malware Policy and instead use an Exchange Mail Flow Rule to only allow that extension from specific senders. It's a workaround, not a solution.

    3 votes
    0 comments  ·  Malware
  6. Why run the MS Click-to-Run without explicit permission from me, owner of the computer? A simple pop-up with explanations would suffice

    If MS wants to initiate its Click-to-Run streaming service, it should obtain explicit permission from me, the user and owner of the computer. A simple pop-up with explanations would suffice. But MS chooses to decide to push this software-as-a-service component without permission, somewhat reminiscent of malware. That is not nice behavior. Moreover, I cannot find a way to disable this functionality which I do not want.

    1 vote
    0 comments  ·  Malware
  7. O365 Attack tool Safe Ransomware simulation

    Hello all,

    With all the recent Ransomware attacks going on I was thinking about some way of simulating such an attack but as far as I know there is none.

    If you could add a Ransomware simulation to the O365 attack tool it would be very useful in preparing for an actual attack.
    Potentially ATP can be leveraged or the built-in folder/file password protection in Windows 10.

    Thank you.

    4 votes
    0 comments  ·  Malware
  8. Quarantined files on Classic OneDrive, SharePoint cannot be downloaded and can be shared, moved or copied

    We can't download quarantined files on Classic OneDrive, SharePoint, but we can share, move and copy.

    We have an organization that allows the file to be downloaded.

    https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/turn-on-atp-for-spo-odb-and-teams?view=o365-worldwide

    Setting the parameter to false blocks all actions except Delete and Download. People can choose to accept the risk and download a detected file

    We also believe that quarantined files cannot be shared, moved or copied.

    Is it possible to modify the function?

    3 votes
    0 comments  ·  Malware
  9. Unable to download quarantined files on Teams

    We are unable to download files quarantined by O365ATP on Teams.

    We have an organization that allows the file to be downloaded.

    https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/turn-on-atp-for-spo-odb-and-teams?view=o365-worldwide

    Setting the parameter to false blocks all actions except Delete and Download. People can choose to accept the risk and download a detected file

    Is it possible to modify the function?

    3 votes
    0 comments  ·  Malware
  10. 1 vote
    0 comments  ·  Malware
  11. Automate sender blacklisting of spam/malware emails

    In automated investigation and response (AIR), make it possible to actually automate tasks. Not just delete bulk email clusters. Give an option to add the sender of any spam/malware to the malware filter in Exchange admin center. Or add the blacklisting of the sender to the remediation capabilities.
    AIR doesn't automate anything besides investigations at this point. It just groups it in a new dashboard for someone to still go in and manually delete. Let the process be zero touch automation, and give us an option to add the sender to blocked lists.

    3 votes
    0 comments  ·  Malware
  12. this is blocking tons of legitimate sites, like my local newspaper and offers no way to release a message.

    This product is letting tons of spam into my email but blocks many legitimate sites and is driving me crazy. I can't do my work.

    1 vote
    0 comments  ·  Malware
  13. Populate MetaData for files in Quarantine from Emails

    Currently in the files section of the Quarantine section in threat management, the metadata is missing from files found in Emails. The metadata only gets populated once files are found from SharePoint, OneDrive and Teams. Either populate all metadata for all files or separate the Files section into Email and Other services.

    3 votes
    0 comments  ·  Malware
  14. Allow downloading malicious attachments in a password protected archive

    When attachments are detected as malware, upon downloading from O365 Security & Compliance for further investigation Defender immediately recognizes the malware and deletes the files. To allow further manual investigation or submission to e.g. a sandbox, there should be an option to download (malicious) attachments in the form of a password protected archive. Something similar is already available in MS Defender ATP.

    2 votes
    0 comments  ·  Malware
  15. Please show the malware name or type of malware in "View quarantined"

    Under Threat Management -> Review -> Quarantine, in the message details, Quarantine reason should not just put Malware but also malware name or type.

    Or have summarised details of the malware or a link to the details.

    4 votes
    0 comments  ·  Malware
  16. Security / Compliance Center Junk E-mail IP block does not appear in Show Detailed Table

    Security / Compliance Center Junk E-mail IP block does not appear in Show Detailed Table

    The junk e-mail IP block in the Security / Compliance Center is not shown in [Show Detailed Table]

    2 votes
    1 comment  ·  Malware
  17. Please create a PowerShell cmdlet to schedule when exporting malware of Real-time detections

    I would like you to create a PowerShell cmdlet to schedule when exporting malware of Real-time detections.

    4 votes
    0 comments  ·  Malware
  18. MCAS support for other endpoint protection software

    It would be nice if MCAS integrated with other endpoint protection software rather than having to go with Windows Defender ATP

    3 votes
    0 comments  ·  Malware
  19. list the email that triggered the potentially malicious url click detected

    The Alert that is created for "A potentially malicious URL click was detected" doesn't list where the URL was located. Please add the sender and subject line for the email that contained the URL to make it easier to find these emails.

    9 votes
    0 comments  ·  Malware
  20. Freedom of custom text

    I want to be able to change the content of the notification text for each detected email when an email is detected as malware.

    This request is based on customer's voice.

    1 vote
    0 comments  ·  Malware