Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  1. Record retention label - Disable "Record Status" toggling feature

    Based on Microsoft's new feature release in Jan 2020, users can toggle "Record status" to lock/unlock documents that have record retention labels applied. This feature is undesirable because it allows users with "members" rights to unlock and modify a record. We wish to have more control over record handling and wish to disable this feature. Is there a way to hide this option from users and allow only the site collection administrator to do so?

    52 votes

    The ability to mark a document as a record and restrict actions that can be performed on the record is an essential goal for any records management solution. However, collaboration might also be needed for people to create subsequent versions. This action creates a record in the Records folder in the Preservation Hold library, where it resides for the remainder of its retention period.

    While the document is unlocked, any user with standard edit permissions can edit the file. However, users can’t delete the file, because it’s still a record. When editing is complete, a user can then toggle the Record status from Unlocked to Locked, which prevents further edits while in this status.

    https://docs.microsoft.com/en-us/microsoft-365/compliance/record-versioning?view=o365-worldwide

    Alternatively, you can use the Regulatory Record Label which blocks versioning: https://docs.microsoft.com/en-us/microsoft-365/compliance/records-management?view=o365-worldwide#compare-restrictions-for-what-actions-are-allowed-or-blocked

  2. Attack Simulator: Phishing Login server URL detected by common browsers (Chrome, Internet Explorer, Edge) as "Deceptive" or "Unsafe"

    When clicking on the link produced by the Spear Phishing attack simulator in https://protection.office.com/attacksimulator (Phishing Login server URL), common browsers like Chrome, Edge, or Internet Explorer detect the site as "Deceptive" or "Unsafe". This results in a failed simulation, as no user will attempt to click on "visit this unsafe site". Even if the users click on the link, which is recorded, the test will always have a 0% success rate.

    Is there any way that Microsoft can coordinate with the common browsers to "whitelist" all their Phishing Login server URLs?

    145 votes
    4 comments  ·  Admin response:

    The core cred harvesting URLs in attack simulator are allow-listed in SmartScreen (the technology used in Internet Explorer and Edge), so they shouldn't be blocked with those browsers. Chrome is usually the biggest problem, and Microsoft has been unsuccessful in convincing Google that they should include our phish training URLs in their default allow-lists. Instructions on how to deploy a client policy that allow-lists the cred harvesting URLs for Chrome can be found here:
    https://support.google.com/chrome/a/answer/7532419?hl=en

    At the moment, the following URLs are included in the M365 Attack Simulator:
    http://portal.docdeliveryapp.com
    http://portal.docdeliveryapp.net
    http://portal.docstoreinternal.com
    http://portal.docstoreinternal.net
    http://portal.hardwarecheck.net
    http://portal.hrsupportint.com
    http://portal.payrolltooling.com
    http://portal.payrolltooling.net
    http://portal.prizegiveaway.net
    http://portal.prizesforall.com
    http://portal.salarytoolint.com
    http://portal.salarytoolint.net
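    The admin reply above points at Google's documentation for pushing a Chrome policy but does not show the policy itself. The script below is an added example (it is not from the UserVoice thread and not Microsoft's or Google's code) that writes the Attack Simulator hosts into Chrome's Safe Browsing allowlist on a domain-joined Windows client, using the registry layout Chrome reads for list-type policies. The policy name `SafeBrowsingAllowlistDomains` (Chrome 86 and later; earlier builds read `SafeBrowsingWhitelistDomains`) and the one-host-per-numbered-value format are assumptions to confirm against the current Chrome enterprise policy list before deploying via GPO or Intune. Only the hostnames on the page are allowlisted, not whole parent domains, so the exception stays as narrow as the simulation needs.

```powershell
# Added example: allowlist the M365 Attack Simulator phishing hosts in Chrome Safe Browsing
# via the HKLM policy hive. Policy name and value format are assumptions (see lead-in).
# Run elevated on the client, or deliver the same keys through a GPO registry preference.

$simulatorUrls = @(
    'http://portal.docdeliveryapp.com',
    'http://portal.docdeliveryapp.net',
    'http://portal.docstoreinternal.com',
    'http://portal.docstoreinternal.net',
    'http://portal.hardwarecheck.net',
    'http://portal.hrsupportint.com',
    'http://portal.payrolltooling.com',
    'http://portal.payrolltooling.net',
    'http://portal.prizegiveaway.net',
    'http://portal.prizesforall.com',
    'http://portal.salarytoolint.com',
    'http://portal.salarytoolint.net'
)

# Safe Browsing allowlisting is by host, not full URL: keep just the hostname of each entry.
$hosts = $simulatorUrls | ForEach-Object { ([uri]$_).Host.ToLower() } | Sort-Object -Unique

# Chrome list policies live in a subkey named after the policy, with REG_SZ values "1", "2", ...
$policyKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome\SafeBrowsingAllowlistDomains'

# Rebuild the key from scratch so hosts removed from the list above do not linger as stale entries.
if (Test-Path $policyKey) { Remove-Item -Path $policyKey -Recurse -Force }
New-Item -Path $policyKey -Force | Out-Null

$index = 1
foreach ($h in $hosts) {
    New-ItemProperty -Path $policyKey -Name $index -Value $h -PropertyType String -Force | Out-Null
    $index++
}

# Show what was written; chrome://policy on the client should list the same values after "Reload policies".
Get-ItemProperty -Path $policyKey | Select-Object * -ExcludeProperty PS*
```

Keep this list in step with the admin's URL list: if Microsoft adds or retires a simulator host, the entry set should change with it, and the key rebuild above makes that a one-line edit rather than a cleanup job.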

  3. File plan CitationUrl length too small

    The max length for the CitationUrl field is 64 chars. This is way too small for a URL that will be referring to specific page. For example: https://www.gov.uk/government/publications/guide-to-the-general-data-protection-regulation. Please increase to 254 chars.

    4 votes

    Thanks. The file plan import option is limited to 64 characters, but you should be able to edit file plan descriptors from the compliance center, from the create-label wizard in the records management solution, and should be able to provide longer URLs via that approach.

  4. Bypass ZAP feature for some Senders

    Currently ZAP can be disabled for the entire Tenant or some recipients but there is no way to disable or bypass ZAP for some specific list of Senders.

    26 votes
    2 comments  ·  Spam & Phishing  ·  Admin response:

    Hi Muhammad, thanks for the feedback. Zero-hour auto purge respects the Safe Senders list of the Anti-spam policy. If there are specific senders which you do not want ZAP to act on, you can configure them as safe senders.

    Note that we recommend that admins be cautious when adding safe senders, for both mail flow and ZAP, as it can cause a security issue should the sender become compromised.

  5. Give more detail on the TLS and Connector reports that are available in the Security and Compliance Centre

    Allow you to drill down and get more detail on the TLS report. For example, which domains are not using TLS, or which domains are only using TLS 1.0.

    246 votes
    21 comments  ·  Reports  ·  Admin response:

    1. Click into “details”.
    2. Choose “connector report”.
    3. Choose “request report”.
    4. Answer the questions in the wizard, clicking “Next”, “Next”, and “Save”.
    5. Wait for the report to come to the email address specified. It will contain the following fields:
    message_id, direction, sender_address, recipient_address, connector_name, connector_type, tls_version, tls_cipher

    With the Message_Id value, you can combine this with MessageTrace to get the Subject.

    If this does not help, please provide more information as to the scenario and detail that is missing. Thank you for the feedback!
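    The reply lists the report's columns and suggests joining `message_id` to message trace, but the original question ("which domains are not using TLS, or only TLS 1.0?") still needs some processing of the emailed CSV. The script below is an added example, not part of the thread or of any Microsoft tooling: it reads a connector report with exactly the columns named above, flags every session below TLS 1.2 (an empty `tls_version` meaning no TLS at all), groups the results by remote domain, and optionally pulls the Subject through `Get-MessageTrace`. The four CSV rows are constructed sample data, and the literal `tls_version` strings (`TLS1_0`, `TLS1_2`) are an assumption about Microsoft's formatting, so adjust the regex to whatever your report actually contains.

```powershell
# Added example: find partner domains with weak or missing TLS in the S&C connector report.
# The CSV content is constructed sample input; column names match the admin reply.

$reportCsv = @'
message_id,direction,sender_address,recipient_address,connector_name,connector_type,tls_version,tls_cipher
<a1@contoso.com>,Outbound,alice@contoso.com,bob@partner.example,Partner-Out,OnPremises,TLS1_2,AES256-GCM-SHA384
<a2@contoso.com>,Outbound,alice@contoso.com,carol@legacy.example,Partner-Out,OnPremises,TLS1_0,AES128-SHA
<a3@contoso.com>,Inbound,dave@legacy.example,alice@contoso.com,Partner-In,Partner,TLS1_0,AES128-SHA
<a4@contoso.com>,Inbound,eve@plaintext.example,alice@contoso.com,Partner-In,Partner,,
'@

# For a real run replace the here-string with: $rows = Import-Csv .\ConnectorReport.csv
$rows = $reportCsv | ConvertFrom-Csv

function Get-RemoteDomain {
    param([pscustomobject]$Row)
    # The external party is the sender on inbound mail and the recipient on outbound mail.
    $addr = if ($Row.direction -eq 'Inbound') { $Row.sender_address } else { $Row.recipient_address }
    ($addr -split '@')[-1].ToLower()
}

# Flag anything that is not TLS 1.2 or newer. An empty tls_version is a cleartext session,
# which is the worst case and must not be hidden by the version filter. The TLS1_x string
# format is an assumption about the report (see lead-in).
$weak = $rows |
    Where-Object { $_.tls_version -notmatch '^TLS1_[2-9]' } |
    Select-Object @{ n = 'RemoteDomain'; e = { Get-RemoteDomain $_ } },
                  @{ n = 'TlsVersion';   e = { if ($_.tls_version) { $_.tls_version } else { 'NONE' } } },
                  direction, connector_name, message_id

# One line per (domain, TLS version) with a message count: the drill-down the post asked for.
$weak |
    Group-Object RemoteDomain, TlsVersion |
    Select-Object @{ n = 'Domain'; e = { $_.Group[0].RemoteDomain } },
                  @{ n = 'Tls';    e = { $_.Group[0].TlsVersion } },
                  Count |
    Sort-Object Domain |
    Format-Table -AutoSize

# Optional enrichment, following the reply's hint: needs an Exchange Online session
# (Connect-ExchangeOnline) and only works within the 10-day Get-MessageTrace window.
if (Get-Command Get-MessageTrace -ErrorAction SilentlyContinue) {
    foreach ($m in $weak) {
        $trace = Get-MessageTrace -MessageId $m.message_id `
                                  -StartDate (Get-Date).AddDays(-10) -EndDate (Get-Date) |
                 Select-Object -First 1
        if ($trace) { '{0,-24} {1,-7} {2}' -f $m.RemoteDomain, $m.TlsVersion, $trace.Subject }
    }
}
```

Run it against the downloaded report and the grouped table gives you the list of domains to chase for a TLS upgrade (or to enforce with a partner connector that requires TLS), while the enrichment loop turns an opaque `message_id` into a subject line you can show the business owner.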

  6. Outlook 365/2019 add-in for Supervision policies

    Integrate the supervision policy, when you are a reviewer, into Outlook for a user-friendly place to monitor supervised emails. Add alerts for these policies in a range of severity and importance. Having to log in to the 365 security portal to check the policy is too time-consuming and sometimes forgotten by admins.

    3 votes
    0 comments  ·  Compliance Manager

  7. OneDrive Content search across Geos

    Currently, performing a content search of OneDrives across a multi-geo environment isn't possible; it only searches the default geo, not satellite geos. If you create a security compliance filter targeted at your satellite geo and put the eDiscovery person in the role, then they can search that satellite geo. Please update OneDrive content search to search across geos the same way that an Exchange mailbox search works, without requiring adding/removing them from security compliance filters. (This workaround was the result of working with Microsoft Premier support, so it's legit.)

    53 votes
    0 comments  ·  eDiscovery

  8. Fix Supervision add-in (Supervisory Review v2) for Webmail

    The Supervisory add-in within webmail has been broken since the latest updates were done. The add-in was a really good feature that allowed compliance admins to perform supervision via webmail in case there is more than one supervision rule. The Outlook version doesn't work better than the webmail version, as it requires creating a new profile per supervision rule. That doesn't suit a case where an organization has many supervision rules. Would really hope this could be fixed soon.

    1 vote
    0 comments  ·  Communication Compliance

  9. Phishing attacks using Office 365 compromised Accounts/ ATP safe links not working

    Hello Microsoft ATP Team,

    This is to bring to your notice that spammers/phishers have started targeting Office 365 tenants, which creates a mail loop between Office 365 hosted domains, and these emails are getting circulated, through which accounts get compromised. We had a lot of incidents happening in our environment. As these emails are getting generated from actual accounts hosted in Office 365, the emails are considered to be safe and land in users' Inboxes. We have an ATP Safe Links policy in place; however, it's not performing the job as expected. ATP is a great feature but we request…

    620 votes
    31 comments  ·  Spam & Phishing  ·  Admin response:

    ATP does not consider mails from other Office 365 tenants, or even mailboxes inside of your tenant, as safe. The best way to put a stop to this is to follow the recommendations in SecureScore for your tenant; and report phishing mails to us promptly. Also, make sure that the sender is not allowed either by the tenant configuration or the user safelist.

  10. Supervision Policies

    Make Supervision Policies a standard feature for Education A1 subscriptions. I think this would be a unique and powerful selling point for Office 365 in schools, especially with the latest Offensive Language intelligent filter

    7 votes
    0 comments  ·  Communication Compliance

  11. folder level default for compliance asset id

    A compliance asset id value can be applied to a folder and this should be 'inherited' as items are created or uploaded to the folder. However, there is no inheritance unlike the classification label. This means a user has to manually tag the asset id of any items they create or upload to the folder. They will not do it or make mistakes. Please can the compliance asset id inherit from the library or folder in the same way as the classification label.

    58 votes
  12. Retention Compliance Rule - Exclude Item Classes

    Provide the capability to exclude item classes from a Retention Compliance Rule. This will allow for excluding Notes, Tasks, and Calendar items

    MS has published articles detailing how to do this for hold policies dating back to January of 2018, but the cmdlets still do not exist.

    https://support.office.com/en-us/article/overview-of-retention-policies-5e377752-700d-4870-9b6d-12bfc12d2423

    Set-RetentionComplianceRule [-ExcludedItemClasses <MultiValuedProperty>]

    68 votes
  13. Use message header properties in email supervision policies

    I would like to exclude bulk mail from email supervision policies. Would it be possible to use some properties in the email header for policy conditions? In our initial testing, we're getting a large amount of newsletters and other bulk content.

    7 votes
    0 comments  ·  Communication Compliance

  14. Allow "or" logic in creating policies for email supervision

    Current logic in supervision policies is "and" logic. If you add more than one condition, all must be met. This means searching emails for a list of terms requires 2 policies: one for the message body and one for attachments. If looking for a specific list of words/phrases, it would make sense to look in BOTH locations, which requires OR logic as currently set.

    7 votes
    0 comments  ·  Communication Compliance

  15. Block logins from other countries

    It would improve security if we can restrict O365 logins to a specific geographic region. Or exclude specific countries if we identify major hacking attempts from those countries.

    3,663 votes
    200 comments  ·  Admin response:

    Azure Active Directory Conditional Access has functionality for “Countries/Regions” – see https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

    That said, the most effective protection you can have against password spray attacks is to enable MFA and disable basic authentication. If you cannot do this for your entire organization, then blocking user access to legacy protocols like POP, EWS, IMAP and SMTP is another step you can take. Exchange Online Client Access Rules can help you to further customize (https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules). For additional recommendations, please see Office 365 Secure Score.

    That said, please know that we are listening to feedback and working on solutions to help make Office 365 users more secure. Thank you for the feedback.
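    The reply above recommends a layered approach (Conditional Access by country, MFA, turning off Basic authentication, blocking legacy protocols, and Client Access Rules) but gives no commands. The script below is an added example, not Microsoft's code and not from the thread, that implements the Exchange Online pieces of that list in PowerShell. It assumes `Connect-ExchangeOnline` has already run with an account holding the Organization Management role; the policy name, the rule name, the pilot user `pilot@contoso.com`, the admin address and the office range `203.0.113.0/24` are placeholders. Conditional Access country blocking lives in Azure AD and is not covered here, and note that Client Access Rules only govern the protocols they can see, so they complement rather than replace the authentication policy.

```powershell
# Added example: disable Basic auth tenant-wide, switch off legacy mailbox protocols, and add a
# Client Access Rule that denies POP3/IMAP4 from outside the corporate range.
# Names and IP ranges are placeholders (see lead-in). Requires an existing Exchange Online session.

# 1. Authentication policy with Basic auth off for every protocol. A newly created policy has
#    every AllowBasicAuth* switch set to $false, so creating it with no switches is the strict form.
$policyName = 'Block Basic Auth'
if (-not (Get-AuthenticationPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-AuthenticationPolicy -Name $policyName | Out-Null
}
Set-OrganizationConfig -DefaultAuthenticationPolicy $policyName

# The default policy can take up to 24 hours to apply to existing sessions. For a pilot user,
# invalidating refresh tokens forces the new policy to take effect immediately.
Set-User -Identity 'pilot@contoso.com' -STSRefreshTokensValidFrom ([System.DateTime]::UtcNow)

# 2. Turn off POP, IMAP and SMTP AUTH on every mailbox that still has them enabled.
#    Defence in depth: even if someone later grants a per-user Basic auth exception,
#    the legacy endpoints are closed for that mailbox.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled -or -not $_.SmtpClientAuthenticationDisabled } |
    Set-CASMailbox -PopEnabled $false -ImapEnabled $false -SmtpClientAuthenticationDisabled $true

# 3. Client Access Rule: deny POP3 and IMAP4 unless the client is on the corporate network,
#    so a sprayed or phished password is useless over those protocols from the internet.
$ruleName = 'Block POP IMAP off-network'
if (-not (Get-ClientAccessRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-ClientAccessRule -Name $ruleName -Priority 1 -Action DenyAccess `
        -AnyOfProtocols POP3, IMAP4 `
        -ExceptAnyOfClientIPAddressesOrRanges 203.0.113.0/24 | Out-Null
}

# 4. Before trusting the rule set, confirm it cannot lock an admin out of Remote PowerShell
#    from an off-network address; the cmdlet reports which rule (if any) would deny the request.
Test-ClientAccessRule -User 'admin@contoso.com' -AuthenticationType BasicAuthentication `
    -Protocol RemotePowerShell -RemoteAddress 198.51.100.7 -RemotePort 443
```

Roll the authentication policy out to a pilot group first (assign it with `Set-User -AuthenticationPolicy` to individual users before making it the tenant default), and check the sign-in logs for Basic auth clients such as older mobile mail apps or scan-to-email devices before flipping the default, since those will stop working the moment the policy applies.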

  16. Implement sensitive data ediscovery searches in Exchange Online

    Sensitive data searches for eDiscovery currently work only in SharePoint and OneDrive. It also works for DLP in Exchange. This lack severely limits the usefulness of eDiscovery in Security and Compliance for Office 365.

    135 votes
    7 comments  ·  eDiscovery

  17. New function proposal: Copying eDiscovery results to a Discovery mailbox from the S&C center.

    An operation in the S&C center that copies eDiscovery search results to a discovery mailbox would be very useful.

    This operation is available only in the Exchange Management Center,
    but we want to implement this operation in the S&C center too. Please consider this function.

    177 votes
    17 comments  ·  eDiscovery  ·  Admin response:

    We now offer a simpler way to review content in Advanced eDiscovery. Please review the documentation here:

    Review sets in Advanced eDiscovery (v2.0)

    https://docs.microsoft.com/en-us/microsoft-365/compliance/view-documents-in-review-set?view=o365-worldwide

    Note that the In-Place eDiscovery and Holds cmdlets in the EAC are now retired:

    https://docs.microsoft.com/en-us/microsoft-365/compliance/legacy-ediscovery-retirement?view=o365-worldwide

    We recommend considering the new review tool in Advanced eDiscovery.

  18. Threat Protection not scanning links within attachments

    Advanced Threat Protection is not blocking phishing links within attachments. These links are coming through in a higher frequency as pdf attachments which are scanned by ATP and in turn are allowed through because they are clean attachments, but the links embedded within these pdf files are going to phishing websites and people are clicking on them. ATP is not blocking these links. Please fix ASAP!!!

    64 votes
    3 comments  ·  Spam & Phishing

  19. Preservation Lock enable and disable with special permission or at least with Microsoft Support.

    Preservation Lock can be set so easily: if you click on the policy, on the right it will give you the option of On and Off, resulting in a lock that even Support cannot remove. Either provide a secure way of enabling/disabling it for the user, or at least give it to Microsoft Support to do on the client's behalf.

    312 votes
  20. Get-RetentionCompliancePolicy Doesn't Return Values for SharepointLocation

    I have added sites to a Preservation Policy and need to continue adding sites to new policies. To do this I'm employing PowerShell and the Compliance Center cmdlets to automate the provisioning of new policies as the current policy fills with sites.
    To do this I am running Get-RetentionCompliancePolicy and accessing the SharepointLocation property of the resultant objects. However, when I run the cmdlet without any arguments, all the policies are returned, but the SharepointLocation property is empty. If I run the same cmdlet and pass in a policy name to the -Identity parameter, then values are returned for the…

    18 votes
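    The post above is cut off, but it describes a concrete automation problem: `Get-RetentionCompliancePolicy` with no arguments returns every policy with an empty `SharePointLocation`, while the same cmdlet with `-Identity` returns the sites. The script below is an added example (it is not the poster's script and not Microsoft's) that works around that behaviour by listing policy names first and then re-querying each one by `-Identity`, and then uses the resulting inventory to place a new site in the first policy with headroom or to provision the next policy and rule pair when every existing one is full. It assumes `Connect-IPPSSession` has already run, and the policy name prefix, the keep-forever retention rule, and the cap of 100 explicitly included sites per policy (my reading of the limit the poster is working around; check it against the current service limits) are all assumptions.

```powershell
# Added example: inventory retention policies by -Identity (the workaround for the empty
# SharePointLocation described in the post) and auto-provision a new policy when all are full.
# Prefix, cap and retention settings are assumptions (see lead-in). Requires Connect-IPPSSession.

$MaxSitesPerPolicy = 100                    # assumed per-policy cap on explicitly included sites
$PolicyPrefix      = 'Preservation-Sites-'  # only policies with this prefix are managed here

function Get-SitePolicyInventory {
    # Fetch names with the bare cmdlet, then re-query each policy individually so that
    # SharePointLocation is populated. -DistributionDetail also surfaces deployment status.
    Get-RetentionCompliancePolicy |
        Where-Object { $_.Name -like "$PolicyPrefix*" } |
        ForEach-Object {
            $p = Get-RetentionCompliancePolicy -Identity $_.Name -DistributionDetail
            [pscustomobject]@{
                Name   = $p.Name
                Status = $p.DistributionStatus
                # Normalise trailing slashes so URL comparisons below are reliable.
                Sites  = @($p.SharePointLocation | ForEach-Object { $_.Name.TrimEnd('/') })
            }
        }
}

function Add-SiteToRetention {
    param([Parameter(Mandatory)][string]$SiteUrl)

    $SiteUrl   = $SiteUrl.TrimEnd('/')
    $inventory = @(Get-SitePolicyInventory)

    # Skip sites that are already covered; adding twice only produces a confusing error.
    if (@($inventory.Sites) -contains $SiteUrl) { return "Already covered: $SiteUrl" }

    # Prefer the first policy that still has room.
    $target = $inventory | Where-Object { $_.Sites.Count -lt $MaxSitesPerPolicy } | Select-Object -First 1
    if ($target) {
        Set-RetentionCompliancePolicy -Identity $target.Name -AddSharePointLocation $SiteUrl
        return "Added $SiteUrl to $($target.Name) ($($target.Sites.Count + 1)/$MaxSitesPerPolicy)"
    }

    # Every managed policy is full: create the next numbered policy together with its rule,
    # because a policy without a rule retains nothing.
    $next = '{0}{1:d3}' -f $PolicyPrefix, ($inventory.Count + 1)
    New-RetentionCompliancePolicy -Name $next -SharePointLocation $SiteUrl | Out-Null
    New-RetentionComplianceRule -Name "$next-Rule" -Policy $next `
        -RetentionDuration Unlimited -RetentionComplianceAction Keep | Out-Null
    return "Created $next with $SiteUrl"
}

# Usage: call once per site to onboard.
Add-SiteToRetention -SiteUrl 'https://contoso.sharepoint.com/sites/ProjectX'
```

Because each `-Identity` call is a separate round trip, the inventory step is the slow part; cache its result if you are onboarding many sites in one run, and re-read it only after a new policy is created.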