Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Hacking

    Yes my EX husband has signed all my emails up to different things.I only use my email for work.Everytime I create a new email he gets into it and changes number and security info and PW.I created 5 in 24hrs the thing is he denies it he’s also doing identity theft impersonating people to try scam me on gumtree he’s made himself administer to my acc and has managed to get into my brand new iPhone new Apple ID emails ect.I have my phone locked away in a safe all the time and on Aeroplane mode.Livibg under same roof until…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Create a mechanism to wrap an OME Configuration to some/all encrypted emails but not every emai.

    "Ensure all external recipients use the OME Portal to read encrypted mail" in the article below is misleading. The instructions lead you to encrypting every outbound external message. It would be nice to ensure external recipients OF ENCRYPTED EMAILS use the OME Portal. Even better, ensure some external recipients (based on criteria like recipient domain) OF ENCRYPTED EMAILS use the OME Portal.

    https://docs.microsoft.com/en-us/microsoft-365/compliance/manage-office-365-message-encryption?view=o365-worldwide#ensure-all-external-recipients-use-the-ome-portal-to-read-encrypted-mail

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. ประเทศไทย

    ปฎิเสธทุกข้อกล่าวหา

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Audit - Block Sign In & Sign Out of All O365 Sessions.

    Please can you add the ability to audit and capture the actor that triggers a Block Sign In, and/or Sign Out of All Office 365 Sessions Event.

    This will help to determine who initiated the action.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Use wildcards in Device User Agent quarantine rules

    It would be good to be able to use wildcards to test Device User Agents in mobile quarantine policies.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add attachment file names to transport log entries

    To be able to provide management with solid risk assessment data,
    we would like to get some idea of the types of file attachments that our users receive.

    Example:
    Extension 24Hr_Count MessageIDs
    .pdf 102 {messageID1}, {messageID2}, ...
    .docx 91
    .p7s 22
    .htm 17

    To achieve this, it would be helpful to have message attachment file names available in Exchange transport logs (and the Office 365 equivalient)

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Flag or mark mails from domains users hasn't received mails from in the past

    It would help a lot against spear phishing, if mails received from a domain the user hasn't received mails from in the past is being flagged or marked somehow. This would make it a lot harder for hackers to use almost identical domain names for phishing

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow to save attack smulation templates with custom URL landing page

    Parentally we can not save the templates with a custom landing page. When we create the template and changed the landing page with a custom url, the url wont be saved after saving this templates.
    We have to remodify the landing page when we are lunching attack with this saved template.
    Please change this design, it's not reasonable.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1908

    I am on this site today logged in as an "administrator" for Microsoft groups "1908" yet I have never signed up for any of this. I am in need of Microsoft security. Not GROUP OR TEAM BUT. " SECURITY" CONTACTING ME NOW to cooperate with an online ongoing FBI investigation concerning activities by Microsoft (teams).

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  10. Extend Audit Log retention to 6 months

    Currently, if you are on a base M365 plan without Advanced Compliance then your audit log period is only 90 days. To extend this to 1 year you need to move up in licensing which is costly. I am proposing to increase the default retention to 6 months and if you need to increase to year retention then you need the add-on. 6months retention will align Microsoft with Gsuite as their default retention is 6 months

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Intelligent External Email Tagging

    Currently the system blindly applies an “[External]” tag to an email subject and a notification in the message body. If the email is forwarded or replied to only internal email addresses, the message is again tagged as external, repetitively causing tagged to be applied, resulting a perpetual situation like this with the subject:
     
    [External] RE: [External] RE: [External] Message Subject

    This is for a message that was originally from an external source that got replied to internally multiple times. At this point it is an internal email, but an "[External]" tag is incorrectly applied. The best way to defeat…

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  12. spoof domain name soundex report

    Report which detect similar domain name registered within o365 to avoid spear phishing attacks. Using Soundex example:
    @mydomain.com would report on new tenant with @myd0main.com - only provide public whois information in report
    Thank you

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow external users to see more than one message (all messages sent to them) in one session

    If I send an external user 2+ messages they receive links for each individual message. Can they see a listing of all messages that were sent to them? Asked differently, can they bookmark a landing page that gives them a central place to view all messages (that haven't expired) in one location?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Improve the flexibility of sensitive labels content markings

    We would like to have more formatting option when adding a header text like a left-aligned 10-inch margin.

    145 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow default label to be applied to all EXISTING files using "Security & Compliance" Auto-labeling

    Allow default label to be applied to all EXISTING files using "Security & Compliance" Auto-labeling.

    To expand this, assume there are 3 label High, Medium, Low. Rules are created to label (based on content) High and Medium files. A catch all rule for anything not label is required to apply the "default" label of low when another label is not present.

    While the creating of a new file will get the default label, the 1000's of existing content will not until it is opened and saved. This is not feasible in a large enterprise.

    MCAS rules, that can do this…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Be able to get online help without having to open up privacy settings.

    Be able to get online help without having to open up privacy settings. You cannot get help unless you agree to give up privacy... This is ridiculous in order to get help.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  17. Output the content search results in TXT format.

    I would like you to add a function so that you can retrieve data in TXT format instead of PST format when exporting content search results.

    コンテンツ検索の結果をエクスポートする際に、PST 形式ではなくテキスト形式でもデータを取得できるように機能を追加してほしい。

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  18. Desperate for help... ATP classified our domain as malicious by mistake and that's destroying our company

    Since Saturday, every time anyone with Microsoft ATP enabled clicks on a link from our domain, safe links blocks it and tells them that our site is malicious (which it's not).

    Our domain is marked as safe on all the other security providers we've found. Only Microsoft Advance Thread Protection is blocking it.

    There has to be a way for Microsoft to fix the issue on their block domain list inside ATP (safelinks).

    With so many Office 365 users in B2B, blocking and pointing a safe company's domain as malicious by mistake causes a really big problem for that company…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  19. Maintain the Folder structure in Advanced eDiscovery

    It would be good to be able to see the Folder Structure that was originally created in outlook and one drive in Advanced eDiscovery. Presently all the documents and there, but the structure has been lost and so locating documents is challenging

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  20. To know how many files are detected as malware via Threat protection status report

    I would like to know how many files are detected as malware via the Threat protection status report. Although the logic in the file calculation isn’t disclosed but we found there is a difference in the number of files between the notifications of the malware and the numbers shown on the report. So we would like to request that the calculation to be more consistent and show the accurate number of files to us for checking them easily.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 113 114
  • Don't see your idea?

Feedback and Knowledge Base