Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Able to Schedule Reports Daily

    Yes, we can schedule any reports under Security and Compliance. However, the types of frequency that the schedule offers is either Weekly or Monthly only.

    A feature that we could customize the frequency of the report of implement at least a daily report could greatly help us auditors and admins.

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Know What Inbox Rule is Applied to Sent/Received Mail

    We will know as to what folder was the message routed to. But we aren't able to know what specific inbox rule is applied to that message.

    Knowing what inbox rule is applied to the message would help others with a handful of inbox rules implemented.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  3. I would like to use activity report to retrieve activities which performed in OneDrive for Business

    It would be great if ODfB activity report can retrieve activities which specifically performed in ODfB because, the report always includes ODfB related activities which has been done in Microsoft Teams as well; such as file sharing.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  4. Retrieve the number of activities performed in SPO only

    I would like to retrieve the accurate number of activities which performed on SPO; because current activity report for SPO includes file sharing activities which operated in Microsoft Teams as well.
    I would like to see the activity counts in SPO only.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  5. O365 Audit Logs

    O365 audit logs (prior to October 2018) displayed successful logins from external IP addresses. i.e. staff who login from external PC via Web, iphone, outlook on home PC etc.

    It is now (for the last 12 months) shown only the occasional successful login from external IP (when I absolutely know there are many hundreds external logins). We have used this in the past to identify when accounts have been compromised. We do use MFA - but also check these logs daily as additional defense.

    I have had a job logged with Microsoft since October 2018 to resolve this issue and…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  6. June 12, 2019: I have been trying to send emails through Constant Contact; they are going to the Junk Folder. the emails are not junk!

    June 12, 2019: I have been trying to send emails through Constant Contact and they are going to the Junk Folder when the emails are not junk!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Improved auditing on SPO search queries (additional metadata collection: e.g. search terms values)

    For instance: User michael@contoso.com goes to https://contoso.sharepoint.com/DocumentLibrary and searches for "Test".

    Security wise, it would be most beneficial to be able to check what searches the users did. That would improve our reaction time should there be any misuse of our SharePoint Sites.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Improved auditing on SPO lists to resolve list object GUIDs to human-readable form

    When searching for certain activities on the Unified audit logs such as Changes done to SPO lists the results are delivered in GUID.
    To be able to pinpoint exactly what list was changed I first have to login to SPO, go to the affected site, open a list, enter list settings and replace the GUID of the List I selected with the one that is on Unified Audit logs.
    Also we would like to be able to see extra information instead of the Guids such as What Item was updated and what changes were done.
    The workaround for this second…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  9. l

    post wot you have got would like a delivery please

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  10. Provide the keywords used by the user when a SearchQueryPerformed is executed

    We use the unified log when investigating cybersecurity breaches (i.e. compromised account). We need to know what the malicious actor actually did. If I see that they searched for something, I’d like to know what they were looking for. This helps us understand if the breach was targeted, and what the attackers were hoping to achieve.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  11. I ran a malware test from https://www.emailsecuritycheck.net and Outlook 365 failed every test.

    I ran a malware test from https://www.emailsecuritycheck.net and Outlook 365 failed every test. My suggestion is to perhaps check for malware?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  12. Searching audit logs in notification mail sent via Activity Alerts function

    You have to search audit logs by converting the time zone to JST manually, because the duration on searching is referring the time zone set on the operating system while the time zone in a notification mail is in UTC.
    In order to search audit logs smoothly, it would be great if the searching duration would be converted automatically to OS time zone when navigating to audit log search from a link in notification mail.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Attack simulator should have its own role and not require Office 365 global administrator

    Attack simulator should have its own role and not require Office 365 global administrator. I can understand that there needs to be some sort of approval process to start a campaign. Perhaps allow someone in the "Attack Simulator Creator" limited role submit for review and scheduling by a global administrator. Also allow this limited role access to the results and reports. Requiring Global Admin rights is too heavy handed for this feature.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Provide 'Email Read' Feature as part of O365 eDicovery or ECP Traces

    We received several spam campaigns and phishes routinely. During user impact assessments, we would like the ability to know if a message was opened, from which application (mail client type), and so forth, to determine whether or not a malicious email was actually opened in a vulnerable context.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  15. Fix EOP Mailflow - Users can bypass most of EOP

    While creating a mail flow rule I found a security issue with how incoming e-mail navigates to either the recipient's mailbox or system quarantine. If an end-user blocks an e-mail sender or allows an e-mail sender from within Outlook, the incoming mail from those senders is inserted into the mail flow at the Content Filtering step. From there it goes to either the quarantine or recipient mailbox.

    I first confirmed this to be happening on blocked messages. I have all my junk mail in our organization going to a system quarantine instead of the junk mail folders for our users…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Support for Exchange Online Message Tracking via API into Splunk or SIEM

    We would like to log Exchange Online Message tracking into our current SIEM (Splunk)

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add OCR scanning capability to ATP

    Add OCR scanning capability to ATP so phishing messages containing only inline or attached images can be properly blocked. Actors are using this method to get around threat detection and transport rules in O365 by using inline images containing the body of the ransom message rather than using text.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  18. MyAnalytics is not supported in Germany for Business Premium Tenants. So sad!!

    Unfortunately I had to learn today that for my Tenant MS365 Business Premium, the use of "My Analytics" in Germany is not possible. But with the "E" plans, I know that works. I think that's a pity. When will this be possible? Thank you very much

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  19. user reports to include phishing emails

    Some clients often receive FPs on phishing filtering which then don't appear in the emailed reports. Is it possible to have the option to allow phishing emails in the reports, please?

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  20. eDiscovery Search Name Gives Error if Duplicated

    If the error message to say - This name has alreaady been used could be amended to say which case it can be located in.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 88 89
  • Don't see your idea?

Feedback and Knowledge Base