Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow MI to be gathered when previewing attack simulator attachments

    When using the attack simulator with attachments, by default the attachment will open in protected view, unless the user then clicks to edit the document no reporting is possible.

    It would be very helpful to have an exception to the policy for the attack simulator attachments.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  2. I see there is a new block sender button in security and compliance Quarantine page which is not mentioned in the article and dot

    I see there is a new block sender button in security and compliance Quarantine page which is not mentioned in the article and dot

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Slow down your portal upgrades and consolidation

    Current receive email alerts with links to both security.microsoft.com and protection.office.com to view details of a security alert but details are only available under protection.office.com. Microsoft portals and admin centers are confusing and constantly changing. May I suggest that devops and marketing teams work together and think a bit longer before implementation and consolidation of new portals and admin pages.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. I would really like to be able to use the SharePoint alerts on SharePoint Sub sites

    It appears that the SharePoint alerts only work at the site collection level, I would really like to be able to use the SharePoint alerts on SharePoint Sub sites as well, as we have different owners for the sub sites who would need to receive notifications.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. Cloud App Security - Closed Alerts Reduce Investigation Priority

    When Cloud App Security alerts are closed due to false positives, the users investigation priority score should be reduced by the number associated to the alert. For example, if you close an impossible travel alert as false positive, the investigation priority should be reduced by 36 points. The score reduction should should occur immediately and not be bound to a 7 day rolling window.

    In order for security operations to leverage the full benefits of Sentinel and its SOAR capabilities, automation of handling alerts is critical. It is important that we can levage Sentinel to automatically close Cloud App Security…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. SharePoint conditional access blocks Teams (chats and phone calls)

    Currently if Conditional Access blocks SharePoint then it is blocked SharePoint, Teams, OneDrive, …

    It would be nice to create a more detailed rights that permit access to Teams (chats and phone calls), and at the same time blocks access to document data (SharePoint, OneDrive, etc.)

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Conditional Access setup by IP

    When Azure Conditional Access is setup by IP, the IP is checked at the login process. After that it is possible to change the IP address and then this Conditional Access is not accomplished.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. add ability for external counsel to download case exports

    Often I have to share an export with external counsel.

    In my case, I create guest accounts in AAD, and a private team.

    Then I turn off the retention policy for the team, download the export, and then upload it into the team and share the files with the guest.

    That way I have logging and proof for chain-of-custody when they download.

    But... that is painfully time consuming, and I have to remember to manually parse the audit logs to provide the legal team with chain-of-custody reports.

    It would be awesome, if you could just add a list of external…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  9. Don't use CAS High Severity alerts for system information alerts

    When a system type alert is generated in CAS, such as the Deprecation of TLS 1.0 or Deprecation of Label Management in Azure Portal, it comes in as a High Severity alert at 12:00 or 1:00am. We have process that flags high severity alerts and pages our on-call team. Since these system notices come in as high severity, our on-call engineer has been woken up twice in the past week only to see "System alert: Deprecation of Label Management in the Azure Portal" as the cause. High Severity should be reserved for actual major security alerts, not system notices.

    22 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Bring back capability to set RGB color for header and footer

    I found that it's very hard to configure RGB color for header and footer in advanced mode. Is it possible to bring this setting back to web portal ? It will be more user-friendly.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. .html file type added to the list of common attachment types

    In the recent enhancements to O365 security emails can be quarantined when they have a common attachment types.

    We are being targeted with password stealing software contained in .html attachments.

    The anti-malware common attachment types filter contains 86 file types that will trigger the malware detection response.

    These 86 file types contains quite exotic file types, but .html is not amongst them.

    It is proposed that the .html file type is added to the list of common attachment types.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  12. Quarantined emails need to be Journaled

    We use the Office 365 Journal feature to create an email archive.

    With the recent enhancements to O365 security quarantined emails are not journaled.

    Quarantined emails are purged after the default period of time and are not retrievable.

    Consequently we have no means of reviewing emails that have been purged from quarantine. Thus the integrity of our email archive is compromised.

    This needs to be addressed by journaling all quarantined emails, with perhaps the email subject being prefixed with the text <QUARANTINED>

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  13. Exchange Online - Spam filtering before redirecting email

    In O365 Exchange Online, we've shared mailboxes where all incoming emails are redirected to external email, because of an external CRM tool. If we receive spam email, it is redirected to external email and then goes to spam filter. Is it possible to set rules that first action would be going to spam filter and only if it is not a spam it is being redirected to external email address?

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Attack simulator: support more than 500 users

    Currently you can add only 500 people to testing. If you target the large number of people for testing, we have to take more time to test multiple times. It would be helpful if you could increase this limit to support large number of people for testing at once.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Expand the existing alert policy so that a wide variety of conditions can be specified when setting it up

    *English follows Japanese

    ■Title(件名):
    既定のアラート ポリシーに対して、幅広く複数の条件を指定して設定できる機能の拡充を希望します。
    Expand the existing alert policy so that a wide variety of conditions can be specified when setting it up


    ■Description(内容):
    ​既定のアラート ポリシー "Unusual external user file activity" のアラート メールを、特定のサイト コレクションに対してアラート メールが配送される場合のみ、テナント管理者 (TenantAdmins) ではなく、特定のユーザーへのみ配送されるようにしたいが、既定のアラート ポリシーは編集ができず、希望の動作を実現することができない。
    既定のアラート ポリシーに対して、例外条件や条件ごとの受信者を設定できるなど、幅広く複数の条件を指定して設定できる機能の拡充を希望します。

    I'd like alert mails from the existing alert policy "Unusual external user file activity" sent only to specified users instead of Tenant Admins only when they are sent to site collections. However, this cannot be possible because existing alert policies cannot be edited.
    So, please change the existing alert policies so that we can specify a wide variety…

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Make a usable 'Attack Simulation' product that isn't filled with bugs

    This is pretty simple really - don't deploy a half baked, 70% working product which you then force us to use vs the less featured but at least 'operational' previous version.

    Considering how much we pay for ATP/EOP/Whatever you want to call it this quarter, users of your 'security' product should have as good of a product as can be created, not something thrown together by college freshman learning to code.

    Here is my running list of bugs/outright failure to implement a product that WORKS to Enterprise customers along with ticket numbers (none of which I've actually gotten a resolution…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Be able to report file directly from OneDrive/SharePoint location as malicious via Security Admin Submissions page

    When in the Admin Submissions page in Security Center - I can report an email, a URL and an attachment. But I cannot report a file stored in a user's OneDrive/SharePoint - I'd have to download it first to my desktop to then attach it.

    But if it's malicious but Microsoft doesn't classify it as malicious yet - McAfee blocks me from downloading to my PC.

    If I try to zip it with "infected" and upload the zip file to Admin Submissions - it says "it's clean" as it is not scanning the infected unzipped file - it's just scanning…

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  18. Microsoft Authenticator Team Password Manager and Sharing

    Hi, please make it possible to use Password Sharing with others to use the App as a Team Password Manager.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  19. Enhance sensitivity labels for sites to include site content sharing capability

    It would be very useful to control Site Sharing Settings eg - "Only site owners can share files, folders and the site" to the list of restrictions we can apply in the sensitivity label. That would take us one step closer to being able to create a highly secured site

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  20. Alerts from https://protection.office.com/viewalerts show wrong "ClientIP"

    Currently when I view alerts from https://protection.office.com/viewalerts the "ClientIP" shows the IP address of the Office 365 server that detected the alert and not the Client IP of the user that created the incident. I think it is vital to locate the cause of the alerts.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 128 129
  • Don't see your idea?

Feedback and Knowledge Base