Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Daily Quarantine Email Notification Changes

    The quarantine notification email needs to be improved as follows:


    1. When a user receives a Quarantine email in their Outlook client and chooses “release to inbox” or “report as not junk” the resulting web page should allow for the rest of the unassigned emails to be managed instead of forcing the user back and forth between the email client and web browser.


    2. It would be helpful if the email or resultant web page Included a link to further manage the Quarantined messages in bulk.


    45 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Improve app password support for non MFA capable applications

    The generated app password should be more than lower case. Additionally, given that this is really a single factor authentication mechanism, password expiration needs to be supported. Customers run into a dilemma since MFA will be valuable for web access but the single password for non compliant application access with no automatic expiration makes it potentially worse from a security perspective for those apps. Creating an admin burden to periodically delete the app passwords is also not scalable for larger organizations.

    Additionally office for MAC really needs to support MFA. Why it was not added to the recently released office…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. end user notification

    currently in EOP, when we enable the end user notification for quarantine emails, the minimum value is 1 day, which may cause the issue we may miss some important emails, we required that we may improve the feature to send notification every hour.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →

    Please share with us more about how you use the product. For scenarios which require end users to regularly scan for false positives, we find that customers prefer to use Junk Mail folder instead of Quarantine. Is that an option for you? Also, have you investigated the causes of the false positives? Improper configuration is the cause of roughly half of all false positives.

  4. Cross-check RBLs so that an IP address has to appear on more than one before blocking that IP from sending email to Office 365 users

    Cross-check RBLs so that an IP address has to appear on more than one before blocking that IP from sending to Office 365 users. Currently, is an IP address is blacklisted by any one of the RBL services it is prevented from sending email which is a single point of failure in that a problem/glitch with Spamhaus, for example, can prevent legitimate email from getting to Office 365 users even though no other RBL blacklists that IP address. IP addresses should have to appear on at least two RBLs before blocking email to Office 365.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add recipient (TO:) on Malware notifications

    ΦSteps to reproduce
    ~Step 1:Set Notification when Malware is detected~
    1. In the Exchange admin center (EAC), navigate to Protection > Malware filter.
    2. Select the Default policy > Click the edit icon
    3. Click the Settings menu option. In the Administrator Notifications section, select the check boxes to Notify administrator about undelivered messages from internal senders and to Notify administrator about undelivered messages from external senders. Specify the email address.
    4. Click Save.

    ~ Step 2:Send a Malware mail~
    Access https://www.andymillar.co.uk/blog/2007/12/06/testing-your-email-virus-scanner-with-eicar/ and enter email into the box. Click Email Me EICAR!

    ~ Step 3:Admin receives the Malware notification as…

    57 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  6. Please do something about when an app takes too long to load. It is very frustrating, especially when you need to do something important

    I was going to use PowerPoint to create a presentation and it needs to be done as soon as possible, but every time I would click on the button, it still wouldn't work, even if I refreshed many times. I go back and forth to this site to check if it's working properly already but no. The others worked fine but not PowerPoint. I hope you'll do something about this. BTW I have no concerns about my internet connection as well

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  7. Connect Advanced Threat Protection Positive Findings to Report into the Microsoft Malware Protection Center

    We have been reporting in the findings of Advanced Threat Protection into the Microsoft Malware Protection Center. In the vast majority of cases so far, our reports are leading to definition updates. This should be automatic or companies should be able to opt-in so that the detections on Advanced Threat Protection feed into existing Microsoft malware research teams / systems.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  8. Advanced Threat Protection - SafeLinks - Create Submission Mechanism for False Positive Malicious Domains

    Advanced Threat Protection - SafeLinks - Create Submission Mechanism for False Positive Malicious Domains

    This idea would create a feedback / reporting mechanism for domains incorrectly tagged as malicious by the SafeLinks feature. We had an example of a partner domain that was tagged as malicious, had zero malware / good reputation / etc. (confirmed by Microsoft Support), and had no way to feed that information back into Microsoft for a review of the malicious domain list so it could be removed. Similar feedback mechanisms exist for false positive Spam and virus detections - URLs deserve the same treatment.

    202 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    11 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow specification of IP for journaling destination

    When configuring the journaling feature it is currently required to use a deliverable email address as the destination.

    When journaling to an internal server it would be more convenient to specify a specific IP address for delivery.

    For us, we want to use an internal server to archive all of our mail, but we don't want to have to configure DNS to do so.

    Thanks!

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    try this instead  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Do not apply default Email Retention delete policy to both the primary mailbox and the Online Archive folder.

    Our new corporate email retention policy requires that all email in the users primary mailbox be deleted after 180 days unless the user manually moves the email to their Online Archive or some other location. This seems like a simple request, except that a default delete retention rule always applies to both the primary mailbox and the Online Archive. Since the 180 delete rule is now a requirement there is no need to pay $4 per month per user for the Online Archive since it will not be usable going forward. Our organization will probably cancel 50,000 online archive licenses…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Admins be able to delete unsent mail from queue

    Office 365 admins should be able to go into the mail flow queue and delete or resend emails that show "stuck" (either pending for a long time) or duplicate emails.

    133 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    13 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. show message trace results in specified timezone instead of UTC

    For convenience when performing the message trace, please show the results of the message trace in the user time-zone instead of UTC.

    48 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  13. Exchange Advanced Threat Protection Timeouts

    We're getting timeouts based on, well, I'm not sure what is causing some of them. One thing that has been known to cause them is attaching a file without a file extension. We have a perfectly safe .pdf that we forwarded through (after removing the .pdf) extension and it blocked the file after the scanner timed out. This doesn't seem like the best way to handle the situation. I know I can allow all "time-out" attachments through ATP by checking a box, but that seems like a bad option. Probably the best way to handle this is for the scanner…

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  14. Implement A Proper Quarantine Mailbox for Advanced Threat Protection's Safe Attachments

    We're seeing tons of mail get caught by the Safe Attachments feature in ATP and the experience is horrible. The only way to monitor blocked attachments right now is to hope that the user notifies you that their email is missing an attachment or utilize the "feature" that allows you to copy all blocked attachments to another mailbox. Usually I check that and it turns out to be a false positive, but guess what, I can't forward it on to my user because it'll block it again. Recipient-based filtering is a terrible option and the whitelisting capabilities are another sore…

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  15. Group Email id (distribution list)

    When ever we are creating new email id it should have the option of adding automatically to the particular Group Email id (distribution list) and the option should be available for the normal distribution group.

    Option should be available for normal distribution group can be converted to dynamic distribution group?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  16. Message body Trace

    We are unable to retrieve Body of the Message from Message Trace,
    kindly add this functionality

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow for different NDR when using on premise Exchange with EOP

    The current NDR message sent from Office 365 states the mailbox you're trying to reach is hosted by Office 365, even if your only using EOP with on premise Exchange. Our mailboxes aren't hosted by Office 365 and the NDR saying they are creates a problem for us because we have NDA's that prohibit mail from being hosted in the cloud. We're only using EOP as a protection service, not Office 365 mail hosting. A feature that allows for either a custom NDR or one that uses the information from your on premise Exchange server would be a great feature…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Provide ability to change hosted quarantine retention period

    Provide ability to change retention period of items placed in hosted quarantine (fixed at 7 days - really 6 days in practice).

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. False Subscribed Emails Overriding Domain Rule

    I've noticed an increase in spam messages coming in disguised as subscribed emails when they were in fact never subscribed to. Ex: Vitaliy N. Katsenelson, CFA <vk@imausa1.com>
    According to Microsoft's policy, incoming subscribed messages overrule any domain rules and will get sent to the user despite attempts to block by sender, domain, IP, country, keyword, etc. Spammers are becoming more clever and now embedding the "Unsubscribe" link to the message headers tricking Microsoft into not flagging it. The development team should be made aware of this vulnerability and possibly modify the subscribed messages policy and allow us the…

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Provide support for Failover Smart Hosts

    Provide support in the connector routing interface to allow a priority to be assigned to Smart Hosts. This would allow for a failover situation between different providers. Similar to an MX record priority.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    try this instead  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base