Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. How about you use SPF records to verify the validity of a mail server like the rest of the industry?

    We moved our client to a new internet connection and changed their MCX and SPF records accordingly (both records had a TTL of 60 seconds). 3 hours later, they told us O365 was blocking them. Check of industry blacklists and SPF Validity tests indicated noone else had a problem receiving their mail, it was just O365 being *special*

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
    • Spam notification - streamline functionality on email

      Spam Notification Message from quarantine@messaging.microsoft.com:
      Each action chosen on a spam message in the list opens a new browser window which is generally meaningless and is an annoyance

      Suggestion: 1. Have a selection for both the "release" and "report" action for each message

      2. Add a single button to "APPLY" actions at one time. - This eliminates the opening of a browser window for each individual action.

      Also, please clarify if "report" to Microsoft also releases the message to the inbox or not and vice-versa. Thank you!

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
      • 4 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
        • Allow tenants to create custom Mail Flow alert policies

          The default "Messages have been delayed" policy has a minimum value of 200. For small tenants, this number is too high and it could take several hours to be notified of an issue. Currently, there are no additional Mail flow options to create a custom rule. Please allow tenants to customize alert threshold based on their environment.

          2 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
          • Safe attachment scan speed must be improved. Productivity took a huge hit. 5-10 minutes scan are not acceptable with high profile users

            We took a hit when enabled ATP with safe attachments via dynamic delivery. We got many complains across the board about the time it takes (5-10 minutes, 15-30 minutes, 2 hours, 4 hours, sometime attachments never made it) for the attachments to arrive to the sent emails. We need ATP to work more efficiently and scan time must drops down to a tolerable level like 60 seconds or less (or at least cut the scan time in half)

            6 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
            • Real-time Logging within Auditing

              Audit logs in the security & compliance center are not populated or refreshed in real-time. Waiting for the audit logs to populate which could take up to 24 hours makes it ineffective with delayed data in order to track down issues/user activity/attacks/etc.

              14 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
              • Alert Policy for Inbox Rule Creation/Deletion/Modification

                Currently O365 has an alert for forwarding/redirect rule within Security and Compliance Center. Considering that most phishing campaigns are crafted with someone setting up Inbox rules to move messages to another folder which are monitored, creating a man-in-the-middle attack. It would benefit tremendously to be alerted whenever a user creates/deletes/modify an inbox rule to prevent attacks before they happen.

                14 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
                • In Office 365 ATP dynamic delivery mode, if an attachment was removed after scanning, ability to quarantee or remove email from mailbox.

                  Ability to delete/remove/quarantine an email from users mailbox when ATP safe attachments using dynamic delivery when file is considered dangerous and removed.

                  3 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
                  • Security & Compliance - Restricted Users - Feedback

                    The new Restricted Users page in the Security and Compliance center is missing key functionality that the Action Center in the Exchange Admin Center has. On the Restricted Users page, you can not sort the list by column and there is no search option to locate a specific user.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • §7-4-302

                      {170fa89a7-6889a-69a4c9eb17-12bcc:)svst...
                      Vcard (205) 945-7201 kATH-E6C9D289B -19 C.J.S. CORPORRATION§§1626-1630
                      1d1ff2d.RDS
                      LAW NO:86-776.7
                      SEE, DALTON LAW https://info.evidon.com/pub_info/16847?personalization=delete&Solid=amexcm_cmo_my1

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                      • Automate secure score

                        send email report/diagnostic for secure score.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
                        • it would be fantastic to have a notification system for article updates

                          When an article is updated with useful info, such as what IP addresses that MS sends from externally. it would be nice to have a way to update concerned customers with that info. Otherwise angry customers become my alerting system.

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
                          • report message add-in

                            1) What data/metadata is sent to Microsoft when a report is send to Microsoft?
                            2) Is the selected email(s) sent in the entirety to Microsoft?
                            3) Which geo is the email(s) reported sent to? Meaning, if an email is reported from UK, is the analysis and subsequent intelligence produced in the US?
                            4) Re the Report Message add-in, can the option to send a report be disabled leaving the other options unchanged?

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
                            • Enable Audit Log Search facility to capture mobile device serial number or device specific information, so we can track exact device

                              Enable Audit Log Search facility to capture mobile device serial number or device specific information, so we can track exact device that is carrying out the actions in 365
                              Currently, the audit log is full of information, none of which is device specific

                              4 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
                              • Allow auditing a meeting item by the starting-ending date (not only the made date)

                                You can possibly search the meeting item by the date when the item was made, executing the command below.

                                New-ComplianceSearch -Name "<Searching name>" -ExchangeLocation <UPN> -ContentMatchQuery {date=<yyyy-mm-dd>..<yyyy-mm-dd> AND kind=meetings}

                                The query "kind=meetings" inserted in ContentMatchQuery makes the search possible but this command (and query) can only search by the date when the meeting item was made.
                                I would like to search and audit by the date when the meeting starts and end too.

                                7 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
                                • Support for multi-values in Asset ID in event-driven retention

                                  When using event-driven retention, users apply a label (that's tied to an event type) and an Asset ID to documents. I believe right now only a single value can be entered into Asset ID. Is there any plans to support multiple Asset ID's (i.e. make Asset ID a multi-value field)?

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • man in the middle

                                    Ladies and Gentlemen!

                                    Our IT security specialists have found out that the login data is transferred in plain text when logging on to Office 365. This enables very simple "Man in the middle" attacks. I found a post in Technet about this topic, which is two years old.
                                    This should be checked and fixed urgently.
                                    Link to original post: https://blogs.technet.microsoft.com/latam/2016/12/09/o365sectalken/
                                    Thank you very much!

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Admin who has a Exchange Plan 1 should also have a full detail Information for Audit logs results

                                      global Admin who has a Exchange Plan 1 should also have a full detail Information for Audit logs.

                                      6 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Stop requiring login to see news

                                        We are tired of constantly logging in to see what's new and available to us.
                                        When a mail is sent to me, I have to login as an admin to see the content.
                                        Our tenant is heavily troubled with hackers.
                                        I had to search Google to find a way to stop it, and also I found several links to security sub-pages on the Azure portal that I did not know about.
                                        What about giving us the real news in the mail message, and also auto-add new config pages to the portal, we can always remove them later.
                                        It's frustrating to…

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Self-destructing email

                                          self-destructing will be very useful for administrators to send confidential emails to users. Once the email expires as per the settings, no one must be able to view it. This is will prevent from important data getting stolen when an account is compromised. Gmail has this feature, Microsoft should catch-up

                                          2 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                          ← Previous 1 3 4 5 67 68
                                          • Don't see your idea?

                                          Feedback and Knowledge Base