Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. When using Sharepoint lists, sync'd through OneDrive on Mac, ALL deleted items go into Trash

    When using Sharepoint lists, sync'd through OneDrive on a Mac, ALL deleted items, no matter what the permission level in SharePoint, are sync'd to all user's local Mac Trash bins. This causes potential compliance breaches with users being able to access confidential information. According to MS support this is a 'feature' and cannot be disabled. I suggest that there be an option to disable this.

    7 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  2. Include Category in meeting request

    When working with a team, where everyone shares the same categories in their (work-)calendars, it would be tremendously useful to share the category of a meeting request with everyone invited to that meeting.

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  3. The ability to turn off or disable the quarantine filter.

    I utilize AppRiver to Filter my Mail
    I see no reason that I cannot disable this even through a transport rule.
    We need the ability to turn off this filtering.
    Otherwise, I am maintaining two email filters which are double the effort.

    Please and thank you !

    6 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  4. Reduce the amount of time needed to view the activity list in an alert

    It takes at least an hour before I can see the data in an activity list of an alert.
    In a redirect/forward creation rule alert, the details in the activity list are very important when you need to ***** the potential security risk. And you want to be able to do it immediately and not to wait an hour for it.

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  5. Enable by default alert Activity from infrequent country

    These anomaly detection policies are only available for E5 users or MS CAS.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add retention tags for Notes and Calendar

    Please add the Notes and Calendar from the Exchange Admin Center to new Compliance / Security section

    4 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  7. We currently have in-place holds for mailboxes that expire after 1 year.

    We currently have mailbox in-place holds that expire after 1 year. This allows us to meet compliance policy without having to go back and manually delete holds after the required time. Can you do something like that in eDiscovery?

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  8. Support 'guest users' as collaborators on Cases.

    Support 'guest users' as collaborators on Cases.

    It seems like a defect that guest users are not currently supported as collaborators.

    In a support case I was told: 'As we have discussed it is by design that we can not assign a guest user as e-discovery manager'.

    If this is the case, then the design is flawed: While it is possible to assign a Guest AD User as a collaborator on a Case. It then does not work - they are not granted access. They can login to Security and Compliance center, but unable to view assigned Case.

    Please fix…

    4 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  9. Microsoft 365 NIST 800-171 Assessment in Compliance Manager

    Can you add the NIST 800-171 assessment in Compliance Manager for the product Microsoft 365?

    Right now the product list only includes: Azure, Azure Government, Dynamics, Office 365 and Professional Services. No M365 :(

    Thanks!

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  10. Provide the ability to call a Microsoft Flow in a Retention Label in Security and Compliance Center similar to an IRM policy in a library.

    When configuring a retention label in security and compliance center a Microsoft Flow should be an option to execute when executed. Similar functionality exists in Information Rights Management in a document library that can call a SharePoint designer workflow. Flow should be integrated into SCC to accommodate custom actions.

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  11. Creation of forwarding/redirect rule alert: improve visibility of address forwarded to

    When an alert is triggered because of the Creation of forwarding/redirect rule policy, finding the address that is being forwarded to is very tedious compared to how important this information is. It is also drowned by all the information around it despite it being the second most important element to decide if the alert should be investigated further or dismissed.

    The current route is:
    1) Click on "view alert details" in the e-mail notification / on the alert in the alert list of the S&C center
    2) In the alert, click on "view activity list"
    3) In the activity list,…

    6 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  12. Create separate retention policies for 1:1 chat and Team / Channel chat

    In Skype for Business, there's an option to log or not log messages, and all one to one or one to many messaging threads are treated as ephemeral messaging if logging is disabled.

    In teams, not logging or retaining messaging in a Team or a Channel reduces the value of the tool. Currently, retention can be configured for chat to team or channel messaging, and the same retention level is applied to all messaging. (30 day minimum)

    It would be great if 1:1 or 1:many chats could be treated as ephemeral messaging, and teams / channel chat could be set…

    4 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. Support PIM Roles

    Transition management of S&C access/roles based on Azure PIM roles to better support access management and auditing.

    2 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  14. "Envelope-From" Option should be add in Content search.

    "Envelope-From" Option should be add in Content search. So Admin can search through the Envelope From address. When you search through from address the content search is not working for that specific spam emails.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  15. Policy to monitor User Login and actions

    We'd like to create "super admin" that does not have MFA. As a Global Admin, we would like to know when this account is logged into and what it is doing. This account would not be used unless required, but would be a more generic name so access could be assigned to more than one person. I can't see a way to be notified for login access with the policy options today.

    0 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  16. Illegal data collection Office 365 MAC

    If you install Office 365 for MAC you get the question if you want to share full diagnostic data or basic diagnostic data, but you can’t select no data. According to the EU law this is not allowed (ref. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679).

    Of course, you are collecting anonymized data (at least this is what you say), but technically you need an identifier (unique ID) for receiving data. This UID represents the customer and therefore this is personal data. If you really use no UID, there are technical solutions to analyze big data and find a specific information.

    You are allowed to…

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  17. Alert whenever a user attempts to send an attachment to an external recipient

    With the advent of the EU GDPR we feel it would be useful to be able to alert users if they have included an attachment on an e-mail to an external recipient to ensure that the content of the attachment is appropriate for the recipient i.e. no personal information.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  18. Customer managed granularity for CSPs in compliance manager for Office 365

    Allow the ability to split the Customer field into CSP and Customer(s). Also associated permissions to see what you are assigned via groups. Shared responsibility is not always just two parties.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  19. My User Compliance Score fell from 41 to 29, but i cant see a reason why it did

    My User Compliance Score fell from 41 to 29, but i cant see a reason why it did, I discussed with Microsoft backend, tech lead, they said they cant tell me why my score fell
    Its like my credit score fell and I cant find out which credit card I missed payment on,,thats not acceptable

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  20. Enable the Alert Policy to capture the user logon activity

    Audit Log Search -> New Alert Policy
    The option "User Signed in mailbox" doesn't work.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base