Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow administrators to have an approved domains to bypass the automatic forwarding block

    With the new change to the Outbound spam filter policy, we are finding that we have a number of customers with sub companies on different tenants that are being caught by the new auto forward block as they are seen as external domains.

    It would be nice to be able to specify an approved set of domains for the Automatic Forwarding to allow email to bypass the blocking as needed but continue to block the rest.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Enhanced Email Phishing Warning Banner Capability

    Currently, you can create a transport rule in Exchange Online that appends a banner to emails. This is commonly used to notify recipients that the email is from an external sender, to warn them it may be a phishing attack if the person is spoofing an internal sender. Tool tips can also be used, but these are not as customizable and don't show in all clients. Please develop a native capability that allows further customizing and a more intelligence warning banner to be inserted into emails. For example, some 3rd party services have the ability to scan a mailbox to…

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Email auto-forwarding ATP policy and reporting

    For MC221113 "Office 365 ATP External email forwarding controls and policy change"

    Align the ATP forwarding policy rule options with the Auto-Forwarding Report categories, instead of just Automatic/On/Off. Since the forwarding report gives numbers by 3 categories (By mail flow rules; By Inbox rules; By SMTP forwarding), would be nice to enable/disable each separately - so we can allow SMTP forwarding when an admin configures it on an account, but disable a user creating their own rules to forward emails externally.

    https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mfi-auto-forwarded-messages-report?view=o365-worldwide
    https://security.microsoft.com/antispam

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow users to delete quarantined emails from the quarantine list

    This will make it easier to check the queue over time instead of waiting for the messages to expire. It appears this was requested previously, granted, but then taken away again. Please bring it back!

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Include Reporting Spam with Online Email: I don't us Outlook and started receiving SPAM/PHISHING email form someone using onmicrosoft.com

    Your reporting method of attaching the spam/phishing email does not work if using an online service. My ISP does not allow attaching email. I can only forward it. Whoever this is is also exposing my email address to everyone on their list which will open my eddress to other spammers.

    You need to police your users from this abuse.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  6. report phish

    When a user uses the Report Message add-in in Outlook to report a phishing message, it triggers all kinds of excellent Automated Investigation and Response things - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/automated-investigation-response-office?view=o365-worldwide#example-a-user-reported-phish-message-launches-an-investigation-playbook -

    However, we currently use a 3rd-party tool to report Phishing messages (KnowBe4 Phish Alert) because it can give the User positive reinforcement for reporting KnowBe4's test messages.
    I set up the KnowBe4 to also report to phish@office365.microsoft.com , but this does not trigger the Automated Investigation - although we usually do see a PhishZAP investigation a little bit later (presumably after the exchange backend has had time to crunch through the…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Detect specific pattern in HTML source code of mail

    Ability to match for specific regex in mail body html source code to detect technique that attacker used to evade detection and bypass EOP

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  8. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. Better handling of quarantined emails for end-users

    There's lots about how the quarantined mail notifications work, the fact it is disabled by default and has limits on how frequently people are notified about quarantined mails.

    There's a simple way to address this. Make quarantine work more like Junk i.e.
    - have a Quarantine folder in Outlook that lists all mails currently in quarantine (sender, subject and reason for quarantine).
    - have options on each mail to release or remove
    - update the Quarantine folder in real-time

    That way, right from the start end-users can see mails are being quarantined and do something about it if needed. No…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  10. Exchange Transport Rule for spoofed email using compauth reason code within Authentication-Results header

    When DMARC isn't enforced to restrictive policy yet for any domain, some illegitimate spoof will still go through and some other legit emails, sent by partners must not be blocked.
    It could be easier and reduce the amount of false positive if we could use the "CompAuth" value within the Authentication-Results.
    https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-message-headers?view=o365-worldwide

    When you check spoofed email header such as the one under :
    - Authentication-Results spf=[...]; dmarc=fail action=none header.from=mydomain;compauth=fail reason=001
    you'll notice the compauth and reason at the end. Today, we are not able to match them.

    Composite authentication is usually set to none or fail for spoofed email…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Release Quarantined Emails From Threat Explorer

    When working primarily out of the Threat Explorer, you can identify emails that have been quarantined. However, releasing or deleting those emails can only be done when manually navigating to the quarantine page. You should be able to release/delete these messages via the Threat Explorer rather than having to work out of different areas to complete this.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. Customize Alert Policies

    Allow for exceptions to Alert Policies. For example, the “Phish URLs Removed After Delivery” rule is prone to False Positives. Being able to exclude addresses from the Alert would increase the fidelity of the Alert.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Safe Links User Clicks

    In the Threat Explorer, the “User Clicks” tab displays when a URL was accessed in an email. However, you can not see which user clicked the email when multiple results are displayed. Displaying the username of who clicked the link would help with remediation for that user.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Message Trace Details in the Threat Explorer

    Including the data displayed in a Message Trace within the Threat Explorer would be useful when troubleshooting email issues. For example, the Message Trace shows what DLP/Mail Flow rules were applied to an email. Our organization works primarily out of the Threat Explorer, so being able to get this data without having to work out of multiple areas in the Security & Compliance Center would be helpful.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow customized content filtering

    Create a section in the anti-spam policy where you can add custom keywords that can be marked as spam. This can currently be done via a mail-flow rule, but having it available in the anti-spam policy would have less potential impact than a mail-flow rule. Also, being able to add additional file extensions to the anti-malware policy would be useful. It currently only allows you to filter extensions from a predefined list.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable Commenting for Allow/Block List Entries

    Allow for commenting when making entries into the Allow/Block lists in the Anti-Spam & Connection Filter policies. These lists are large for our organization and we have to maintain an external list to reference why an entry was made. Being able to reference a reason of why the entry was added within the console would be a huge time saver when performing maintenance.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Don't rewrite URLs with ATP Safe Links

    How about letting ATP Safe Links run its policy rules before delivering the email to the tenant's mailbox, and don't mangle it at all if it passes the security checks? Some tenants use email-based software development, and ATP Safe Links are a pain to deal with.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  18. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add attachment file names to transport log entries

    To be able to provide management with solid risk assessment data,
    we would like to get some idea of the types of file attachments that our users receive.

    Example:
    Extension 24Hr_Count MessageIDs
    .pdf 102 {messageID1}, {messageID2}, ...
    .docx 91
    .p7s 22
    .htm 17

    To achieve this, it would be helpful to have message attachment file names available in Exchange transport logs (and the Office 365 equivalient)

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow to save attack smulation templates with custom URL landing page

    Parentally we can not save the templates with a custom landing page. When we create the template and changed the landing page with a custom url, the url wont be saved after saving this templates.
    We have to remodify the landing page when we are lunching attack with this saved template.
    Please change this design, it's not reasonable.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 20 21
  • Don't see your idea?

Feedback and Knowledge Base