Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. POPUP WARNING BOX MDM Deactivation is unavailable

    Please provide a POPUP WARNING BOX that when activating MDM that there is no option to deactivate the MDM service once it's enabled

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Connect my EOP account to the malware submissions.

    The issue that we are having is to when we need to submit a file\email for review on the Malware site, we are required to sign in to check on the status. Our EOP account is not recognized to sign in. When we select to create a new account, and use the same email address, we get error that the address is already in use. We are a company and need to be able to have our EOP account linked to the Malware site since they both are needed to combat the malware issue.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add abilty to filter email with no PTR in EOP

    I recently had a request open to get assistance with filtering out messages with no PTR record to Junk or Quarantine. The response was that this currently can not be done in the current design. We had this capability with our previous email filtering solution prior to migrating to O365. Some spammers do not manage their PTR records so we have discovered this method to be very effective. Without this feature, EOP is inferior in protection than our previous vendor.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. DMARC Aggregate Reports from O365 Domains

    Ability for Office 365 to send DMARC Aggregate reports when set in a monitoring policy to see which aouthorised\unauthorised senders are using my domain suffix... just like other vendors are already doing.

    3,229 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    100 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Option for excluding purged email with on-hold

    My legal department would like to use on-hold from day 1 on the user but they would like to exclude purged emails (deleted emails that only exist in eDiscovery). In law cases, deleted emails can be a burden (negative for the Company).

    So I would like to have an option that we can enable by powershell, (exclude deleted emails).

    I guess that this is very different regarding which sector the Company works in. So an option would be great to (deafault off)

    We can today do a setting that purges the email after for example 6 months (user can recover…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  6. Releasing a quarantined message sent to a group should only release to the releasing user

    Currently spam or malicious emails sent to a distribution group that are successfully quarantined can be released by anyone on the DL, and are then delivered to everyone.

    This results in many users receiving malicious emails due to a single user's error/curiosity.

    This behaviour goes against normal user expectations. Anyone releasing a mail assumes it would just be released to them, and does not consider it may be released to 100s of others at the same time.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Daily report about spam quarantine

    Receive daily mail about mail in quarantine (with "subject", "from" and "to")

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Office 365 mail queue viewer and control

    It will be better if Admins get the option to view the mail queue in Office 365. We will have more control on the email flow if this option is enabled.

    516 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    33 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback.

    Today you can see messages which are “pending” in a queue through Message Trace feature. In the Mail flow Dashboard, you can see messages queued for more than an hour. We’ve also created alerting for this condition. Can you tell us what other things you need and what the scenarios look like / how commonly you need to perform the task?

    This would help us when evaluating this item further.

  9. Daily Quarantine Email Notification Changes

    The quarantine notification email needs to be improved as follows:


    1. When a user receives a Quarantine email in their Outlook client and chooses “release to inbox” or “report as not junk” the resulting web page should allow for the rest of the unassigned emails to be managed instead of forcing the user back and forth between the email client and web browser.


    2. It would be helpful if the email or resultant web page Included a link to further manage the Quarantined messages in bulk.


    45 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  10. Improve app password support for non MFA capable applications

    The generated app password should be more than lower case. Additionally, given that this is really a single factor authentication mechanism, password expiration needs to be supported. Customers run into a dilemma since MFA will be valuable for web access but the single password for non compliant application access with no automatic expiration makes it potentially worse from a security perspective for those apps. Creating an admin burden to periodically delete the app passwords is also not scalable for larger organizations.

    Additionally office for MAC really needs to support MFA. Why it was not added to the recently released office…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. end user notification

    currently in EOP, when we enable the end user notification for quarantine emails, the minimum value is 1 day, which may cause the issue we may miss some important emails, we required that we may improve the feature to send notification every hour.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →

    Please share with us more about how you use the product. For scenarios which require end users to regularly scan for false positives, we find that customers prefer to use Junk Mail folder instead of Quarantine. Is that an option for you? Also, have you investigated the causes of the false positives? Improper configuration is the cause of roughly half of all false positives.

  12. Cross-check RBLs so that an IP address has to appear on more than one before blocking that IP from sending email to Office 365 users

    Cross-check RBLs so that an IP address has to appear on more than one before blocking that IP from sending to Office 365 users. Currently, is an IP address is blacklisted by any one of the RBL services it is prevented from sending email which is a single point of failure in that a problem/glitch with Spamhaus, for example, can prevent legitimate email from getting to Office 365 users even though no other RBL blacklists that IP address. IP addresses should have to appear on at least two RBLs before blocking email to Office 365.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add recipient (TO:) on Malware notifications

    ΦSteps to reproduce
    ~Step 1:Set Notification when Malware is detected~
    1. In the Exchange admin center (EAC), navigate to Protection > Malware filter.
    2. Select the Default policy > Click the edit icon
    3. Click the Settings menu option. In the Administrator Notifications section, select the check boxes to Notify administrator about undelivered messages from internal senders and to Notify administrator about undelivered messages from external senders. Specify the email address.
    4. Click Save.

    ~ Step 2:Send a Malware mail~
    Access https://www.andymillar.co.uk/blog/2007/12/06/testing-your-email-virus-scanner-with-eicar/ and enter email into the box. Click Email Me EICAR!

    ~ Step 3:Admin receives the Malware notification as…

    57 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  14. Please do something about when an app takes too long to load. It is very frustrating, especially when you need to do something important

    I was going to use PowerPoint to create a presentation and it needs to be done as soon as possible, but every time I would click on the button, it still wouldn't work, even if I refreshed many times. I go back and forth to this site to check if it's working properly already but no. The others worked fine but not PowerPoint. I hope you'll do something about this. BTW I have no concerns about my internet connection as well

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  15. Connect Advanced Threat Protection Positive Findings to Report into the Microsoft Malware Protection Center

    We have been reporting in the findings of Advanced Threat Protection into the Microsoft Malware Protection Center. In the vast majority of cases so far, our reports are leading to definition updates. This should be automatic or companies should be able to opt-in so that the detections on Advanced Threat Protection feed into existing Microsoft malware research teams / systems.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  16. Advanced Threat Protection - SafeLinks - Create Submission Mechanism for False Positive Malicious Domains

    Advanced Threat Protection - SafeLinks - Create Submission Mechanism for False Positive Malicious Domains

    This idea would create a feedback / reporting mechanism for domains incorrectly tagged as malicious by the SafeLinks feature. We had an example of a partner domain that was tagged as malicious, had zero malware / good reputation / etc. (confirmed by Microsoft Support), and had no way to feed that information back into Microsoft for a review of the malicious domain list so it could be removed. Similar feedback mechanisms exist for false positive Spam and virus detections - URLs deserve the same treatment.

    189 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow specification of IP for journaling destination

    When configuring the journaling feature it is currently required to use a deliverable email address as the destination.

    When journaling to an internal server it would be more convenient to specify a specific IP address for delivery.

    For us, we want to use an internal server to archive all of our mail, but we don't want to have to configure DNS to do so.

    Thanks!

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    try this instead  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  18. Do not apply default Email Retention delete policy to both the primary mailbox and the Online Archive folder.

    Our new corporate email retention policy requires that all email in the users primary mailbox be deleted after 180 days unless the user manually moves the email to their Online Archive or some other location. This seems like a simple request, except that a default delete retention rule always applies to both the primary mailbox and the Online Archive. Since the 180 delete rule is now a requirement there is no need to pay $4 per month per user for the Online Archive since it will not be usable going forward. Our organization will probably cancel 50,000 online archive licenses…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Admins be able to delete unsent mail from queue

    Office 365 admins should be able to go into the mail flow queue and delete or resend emails that show "stuck" (either pending for a long time) or duplicate emails.

    123 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. show message trace results in specified timezone instead of UTC

    For convenience when performing the message trace, please show the results of the message trace in the user time-zone instead of UTC.

    48 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base