Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Creation of forwarding/redirect rule

    So last night this rule triggered for the first time, wasn't really aware of it in the first place.

    Severity:● Low

    Time:6/13/2018 10:00:00 PM (UTC)

    Activity:MailRedirect

    User:person@email.com

    Details: MailRedirect. This alert is triggered whenever someone gets access to read your user's email.

    Description: This alert is triggered when someone in your organization creates an email forwarding or redirect inbox rules using Outlook web app or Powershell -V1.0.0.2

    Now to me this is an incredibly frightening message to receive, since this person has access to extremely sensitive financial information. So since I was thinking this person had been compromised, I…

    85 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    14 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  2. When using Sharepoint lists, sync'd through OneDrive on Mac, ALL deleted items go into Trash

    When using Sharepoint lists, sync'd through OneDrive on a Mac, ALL deleted items, no matter what the permission level in SharePoint, are sync'd to all user's local Mac Trash bins. This causes potential compliance breaches with users being able to access confidential information. According to MS support this is a 'feature' and cannot be disabled. I suggest that there be an option to disable this.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  3. Change retention policy functionality for Teams so that it works on teams below 10mb in size

    Change retention policy functionality for Teams so that it works on teams below 10mb in size.

    As of today, any Team has to be at least 10mb in size for any retention policy to work on that particular team. This is because the Managed Folder Assistant will not run for mailboxes below that size limit. I have yet to understand the reasoning behind this limitation??

    For Teams the limitation as described is especially problematic in that the mentioned 10mb size is calculated based solely on the "totalitemsize" property on the team's mailbox. This is a problem, since that value does…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  4. Include Category in meeting request

    When working with a team, where everyone shares the same categories in their (work-)calendars, it would be tremendously useful to share the category of a meeting request with everyone invited to that meeting.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  5. The ability to turn off or disable the quarantine filter.

    I utilize AppRiver to Filter my Mail
    I see no reason that I cannot disable this even through a transport rule.
    We need the ability to turn off this filtering.
    Otherwise, I am maintaining two email filters which are double the effort.

    Please and thank you !

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  6. I want to be able to customize the data exported in the message audit log and send it to the user

    I want to be able to customize the data exported in the message audit log and send it to the user

    メッセージ監査ログのエクスポートしたデータをカスタマイズしてユーザーへ送信できるようにしてほしい

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  7. To allow DUO MFA with the Attack Simulator in Security and Compliance

    To add DUO MFA as an acceptable MFA option to run the Attack Simulator in Security and Compliance

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  8. 3DES usage

    Spreadsheet of TLS 3DES usage needs a column for Cipher used. Showing us which protocol was used is ok, but knowing that Bob connected with TLS 1.0/1.1 doesn't tell us if the Cipher used was 3DES or not.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  9. Alert policy to catch when users reach a predefined limit

    In office online there are several limits predefined, as recipient limit or message size limit. I want to know when these events happens.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  10. Creation of forwarding/redirect rule alert: improve visibility of address forwarded to

    When an alert is triggered because of the Creation of forwarding/redirect rule policy, finding the address that is being forwarded to is very tedious compared to how important this information is. It is also drowned by all the information around it despite it being the second most important element to decide if the alert should be investigated further or dismissed.

    The current route is:
    1) Click on "view alert details" in the e-mail notification / on the alert in the alert list of the S&C center
    2) In the alert, click on "view activity list"
    3) In the activity list,…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add retention tags for Notes and Calendar

    Please add the Notes and Calendar from the Exchange Admin Center to new Compliance / Security section

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  12. Reduce the amount of time needed to view the activity list in an alert

    It takes at least an hour before I can see the data in an activity list of an alert.
    In a redirect/forward creation rule alert, the details in the activity list are very important when you need to ***** the potential security risk. And you want to be able to do it immediately and not to wait an hour for it.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. Support 'guest users' as collaborators on Cases.

    Support 'guest users' as collaborators on Cases.

    It seems like a defect that guest users are not currently supported as collaborators.

    In a support case I was told: 'As we have discussed it is by design that we can not assign a guest user as e-discovery manager'.

    If this is the case, then the design is flawed: While it is possible to assign a Guest AD User as a collaborator on a Case. It then does not work - they are not granted access. They can login to Security and Compliance center, but unable to view assigned Case.

    Please fix…

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  14. Create separate retention policies for 1:1 chat and Team / Channel chat

    In Skype for Business, there's an option to log or not log messages, and all one to one or one to many messaging threads are treated as ephemeral messaging if logging is disabled.

    In teams, not logging or retaining messaging in a Team or a Channel reduces the value of the tool. Currently, retention can be configured for chat to team or channel messaging, and the same retention level is applied to all messaging. (30 day minimum)

    It would be great if 1:1 or 1:many chats could be treated as ephemeral messaging, and teams / channel chat could be set…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow dynamic retention policy based on group membership

    The below is too great a restriction and renders the retention policy useless.

    Groups selection confirmation

    The specified groups will be expanded so that an In-Place Hold can be put on the mailboxes in these groups. Only the mailboxes that are currently members of these groups will be placed on hold. Mailboxes added to or removed from these groups won't be added or removed from this hold. After setting the group for the location, the new member changes for this group will not auto apply to this location settings. Do you want to expand these groups?

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable by default alert Activity from infrequent country

    These anomaly detection policies are only available for E5 users or MS CAS.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  17. Secure Score - MFA with conditional access is not counted

    Secure Score - MFA with conditional access is not counted.
    The system recognizes only full MFA while it was set as encofrece

    46 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  18. We currently have in-place holds for mailboxes that expire after 1 year.

    We currently have mailbox in-place holds that expire after 1 year. This allows us to meet compliance policy without having to go back and manually delete holds after the required time. Can you do something like that in eDiscovery?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  19. Microsoft 365 NIST 800-171 Assessment in Compliance Manager

    Can you add the NIST 800-171 assessment in Compliance Manager for the product Microsoft 365?

    Right now the product list only includes: Azure, Azure Government, Dynamics, Office 365 and Professional Services. No M365 :(

    Thanks!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  20. Provide the ability to call a Microsoft Flow in a Retention Label in Security and Compliance Center similar to an IRM policy in a library.

    When configuring a retention label in security and compliance center a Microsoft Flow should be an option to execute when executed. Similar functionality exists in Information Rights Management in a document library that can call a SharePoint designer workflow. Flow should be integrated into SCC to accommodate custom actions.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base