Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add the log-out activity in the Office 365 Audit log search scope

    Please add the Office 365 log-out activity to the activities field in the Audit log search. It would be helpful for admins to track how long each user was on Office 365.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  3. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Remediate AIR alerts via PowerShell

    The alerts in threat management > investigations need to be approved manually, otherwise nothing is done about potentially hazardous messages. The utility of this feature is greatly diminished if it cannot be automated!
    Need to have at least PowerShell commands to act on the investigations.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Automatic remediation

    Allow automatic remediation of events detected by Automated investigation and response (AIR).
    Without that, teams need to almost dedicate a person to review each alert. Some "intelligence" should allow to triage existing AIR alerts, and submit some for automatic remediation

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Label changes from the desktop application are not reflected in the "Confidentiality" column in SharePoint Online.

    With the new preview version of confidentiality labels for Office files in SharePoint and OneDrive, users can implement confidentiality labels from Office desktop applications, however, these changes are not being reflected in the "Confidentiality" column. "in SharePoint Online.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Email Notifications generated from Office365Alerts@microsoft.com are flawed as they are not sent via MX records “but placed directly as a fr

    Email Notifications generated from Office365Alerts@microsoft.com are flawed as they are not sent via MX records “but placed directly as a front door”.

    Have been directed here after working with MS Support on this:
    Reference Ticket #:18509943
    Microsoft Support <o365sup3@microsoft.com>; O365 BC Escalation Case Track <O365BCTrack@microsoft.com>

    As an MSP/Partner/External TenantAdmin, we have been troubleshooting why we were not reliably receiving email alerts from Office365alerts@microsoft.com when a customer tenancy had a compromised situation – ie when a mailbox was infiltrated and the attacker created a forwarding rule.

    Global Admins within customer tenancy would however receive the email fine. …

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Examples

    Anyone coming in to this new app finds words and their definitions very intimidating. The verbiage used has no precedent with existing policies, so in order to allow the most rapid deployment of this app into a Sharepoint site, I would like to see examples of how this tool is actually used in an example site, with popups showing where the concept is being used and how it got to that point. In other words, I would like to see many examples of compliance in action.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  9. Is there a process to remove your link from the list of malicious links?

    I'm part of a team that sends out emails on behalf of our users. We have an internal process to filter out phishing emails. Unfortunately, the emails embedded in our links have been classified as malicious by Office 365 Advanced Threat Protection. Is there a process to remove our links from your list of malicious URLs? Thank you!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. [Case #:18809824] Follow Up | Alert Notification time

    We are currently getting our notifications at 2 AM Eastern. So, if an incident occurs at 2:05:00 AM, we have 23 hours and 55 minutes before we are notified. We would like our Alerts--medium and high-to be sent to us in near-real time.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. userloggedin

    UAL shows a successful UserLoggedIn event from other O365 tenants, even if the user did not successfully access Sharepoint.

    When reviewing UAL logs, we can see a user successfully log in and attempt to access the SPO application GUID. There are no SPO even logs for this request.

    {"CreationTime":"2020-03-26T11:42:48","Id":"xxxxxxxx-1fc0-49e8-83e4-7abec0fa0434","Operation":"UserLoggedIn","OrganizationId":"xxxxxxxx-3335-43ba-8b78-5f0f5d2af530","RecordType":15,"ResultStatus":"Succeeded","UserKey":"Not Available","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"xxx.xxx.xx.xxx","ObjectId":"00000003-0000-0ff1-ce00-000000000000","UserId":"xxxxx@xxxxx.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"UserAgent","Value":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/80.0.3987.149 Safari\/537.36"},{"Name":"FlowTokenScenario","Value":"Login"},{"Name":"UserAuthenticationMethod","Value":"65"},{"Name":"RequestType","Value":"OrgIdWsFederation:federation"},{"Name":"ResultStatusDetail","Value":"Success"}],"ModifiedProperties":[],"Actor":[{"ID":"Unknown","Type":0},{"ID":"xxxxx@xxxxx.com","Type":5}],"ActorContextId":"xxxxxxxx-86f1-41af-91ab-2d7cd011db47","ActorIpAddress":"xxx.xxx.xx.xxx","InterSystemsId":"xxxxxxxx-f035-0000-48e2-8db05b9ef899","IntraSystemId":"xxxxxxxx-a3c1-4073-9ce1-ecf4c3f70f00","SupportTicketId":"","Target":[{"ID":"00000003-0000-0ff1-ce00-000000000000","Type":0}],"TargetContextId":"xxxxxxxx-3335-43ba-8b78-5f0f5d2af530","ApplicationId":"00000003-0000-0ff1-ce00-000000000000"}

    We were able to repro this behavior by sending a user from another O365 tenant a URL that they were not given access to in SPO.

    Even though they failed to access the endpoint URL,…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  12. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Communication Compliance  ·  Flag idea as inappropriate…  ·  Admin →
  13. Something is wrong with Office 365 anti-Spam IP Delist

    Recently something is wrong with Office 365 anti-Spam IP Delist.
    There has three step for this process. One is Send verification. Two is Confirm email address. Three is Delist IP.
    One and two steps are OK. But when I delist IP, i got the error message: We're unable to submit your request right now. Please try again later.

    So please help to look into this issue. Thanks

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. MFA - Check the recent sign-in activity

    MFA should be have the same option of the personal accounts.
    On my hotmail account with MFA I have the option to see the logs, "Check the recent sign-in activity".

    Should be have the same option to corporate email address, this way the user can check the lastest entries.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow Office 365 Admins the ability to update Sensitive words for SPAM Content Filter

    Allow Office 365 Admins the ability to update the Sensitive Word List for SPAM filtering, the ability to update this list by the admins will alleviate the stress of Microsoft to have to manage the list themselves. This will also increase the identification of Unsolicited emails and decrease the wait time for a resolution to take place.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow disposition reviews to be assigned to Office 365 Groups

    It should be possible to assign disposition reviews to Office 365 Groups, so that the membership of the group can change over time and the responsibility for disposition reviews is not dependent on one person.

    The product documentation used to state that disposition reviews could be assigned to "individual users, distribution or security groups, or Office 365 groups", but actually if you tried assigning to an Office 365 Group it did not work (failed with an error). The documentation was later updated with a note to say that Office 365 Groups are not supported.

    It would be useful to support…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. Fix the interface - the refresh button doesn't work more than half the time, files view is empty (NaN, blank rows)

    Just fix the broken interface once and for all please. It's 2020. Refresh buttons should actually reffresh. If you show emails, please also show files instead of empty rows with NaN and released Y/N. I need to actually see the subject, date, sender too... Don't hide column width adjustments, dont't obscure info under the floating popup, get rid of the annoying feedback button which sites EXACTLY over the email footers... I could go on and on....

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Improve the UX for adding labels, for end users

    Labels are displayed to end users in a single flat list. Basic UX guidance suggests that such flat lists work for 7-10 items, not more. Yet some organizations will be applying sophisticated file plans using labels. It is totally possible that general purpose document libraries might require 20, 30 or more labels to be available.

    Therefore the UX for labels should be improved, at minimum to allow categories/folders of labels. Or alternatively a UX similar to the Managed Metadata picker could be applied. This would make for a tolerable end user experience in choosing a label to apply from a…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. MAKE IT SO I NEVER SEE THE SPAM IN THE QUARANTINE AGAIN, OTHER WISE YOU ARE THE SPAMER TO.

    MAKE IT SO I NEVER SEE THE SPAM IN THE QUARANTINE AGAIN, OTHER WISE OFFICE 365 IS THE SPAMER TO.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 97 98
  • Don't see your idea?

Feedback and Knowledge Base