Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. quarantine mails

    the administrator should be able to delete emails from quarantine. the deleted emails should be relocated to another folder that could have a name " deleted from quarantine"

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Options/functions available to Windows users should also be available to Mac users

    All options/functions that are available to Windows users should also be available to Mac users (for instance, default preferences such as default duration of appointments)

    Our office uses Macs, and when I asked how to change the default duration of appointments in calendar, the response I received was as follows:

    "It’s not feasible to change the default appointment duration for Mac. We can only change it manually. However, we can do this for Windows systems.

    This is a feature by design. About your requirement, I suggest you post at this link: office365.uservoice.com/.../289138-compliance-protection, where our customers can share their thoughts and…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Fix ATP safelinks

    Advanced Threat Protection Safelinks is not always working correctly and putting users off legitimate links as the whole link text is rewritten rather than the underlying hyperlink. For example, take this support email from Citrix.

    Thank you for contacting GoToMyPC Global Customer Support. A customer support representative will respond to you shortly. Your case number for reference is 09452941. Please do not reply to this email.

    Please feel free to visit our support site at https://emea01.safelinks.protection.outlook.com/?url=http%3a%2f%2fsupport.citrixonline.com%2fGoToMyPC&data=01%7c01%7cnick.ioannou%40rgp.uk.com%7c2d3df5049c2e4c5a2e7a08d34419aa0d%7ce5f0406515b54ab9b46a8792ebe60f01%7c0&sdata=zAEOz1mYOuGzVM7Fm5VNmGDPBTvzodjWer2fofeKbnQ%3d for quick answers to your most common questions.

    Thank you,

    Global Customer Support

    Citrix Online Division: https://emea01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.citrixonline.com&data=01%7c01%7cnick.ioannou%40rgp.uk.com%7c2d3df5049c2e4c5a2e7a08d34419aa0d%7ce5f0406515b54ab9b46a8792ebe60f01%7c0&sdata=XrvG7%2b9J6uZ9XVCNiS7IuCif87ykDQtqdRFFY8bZpq4%3d Citrix Systems, Inc.
    Citrix Online Product Support…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Quarantine notifications, but no release functionalility

    Quarantine notifications, but no release functionality.
    We have currently setup the Spam quarantine notification messages for our employees. When they receive such an alert message, the users are able to release the captured messages. We would like to have the Quarantine alerts message to stay in place, but want to prevent end-users to release the messages. We want to force a 'second opinion' flow in between, to delegate this task to the Hygiene administrators. In such a configuration employees shouldn't be able to open the Quarantine URL either. Unfortunately we see some users are not able to see the difference…

    203 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Available in PREVIEW  ·  9 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Is there any virus scan being run?

    Can you scan incoming emails for attachments containing malware? When we used Websense, they scan and blocked them all. With Microsoft "security" they are flying in like a knife through tissue and into my user's mailbox.

    MS tech support has me block the sender's ip address after the email has flooded the office, but the blatant stupidity of such a solution needs no further discussion.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  6. Increase Message Trace Limits

    Increase Message Trace limits from 5000 and 3000 (for detailed traces). Either increase the limits by default or allow a certain number of traces that include larger numbers of messages.

    Certain organizations rely heavily on running message traces for all of their messages.

    It is a requirement for our client to be able to trace all of their messages with detailed information and it's a clumsy solution to have to create a trace for every day out of the past 90 days (which they must do because they send and receive more than 3000 messages within a couple of days).

    240 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    15 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  7. Show All Devices Connected to Outlook App

    Activesync allows full visibility of devices connected to a single account (iPhone & iPad) and functionality to block or wipe individual devices. Outlook shows one account for any device connected to it.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. A very simple and effective tool to backup a email folder

    Provide a simple standalone tool to export a folder to a mbox file. The input should be the username/password and the folder to backup and the output should be a mbox file with all emails from the specified folder.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Wildcard URL broken with EOP ATP

    If Advanced Threat Protection is enabled and Safe Links policy is turned on, then incoming clear text URL links are broken if they contain wildcard mask.

    We simply buy certificates from third party CA for wildcard type of like ".domain.com". Safe Links broke this to ".https://emea01.safelinks.protections.outlook.com/?url=domain.com" in simple text field area.

    This should be better handled.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  10. fix the ATP bug

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Block attachments with no file extension via the anti spam setup

    in this world of ever increasing ways to dupe organisations into giving away confidential information, one way for us to stop unwanted emails would be to have the ability to block emails that have no file extension

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. Reduce the delay of non-delivery service for domain erro. The current delay is 48 hours, it is too long. 2 hours is a good time.

    Reduce the delay of non-delivery service for domain error. The current delay is 48 hours, it is too long. 2 hours is a good time.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  13. A page that shows all IP addresses used to access the account.

    In gmail you can go to SIgn-in & Security and it shows all activity. Not only the IP address, but, the name of the machine or device that connected. MS should add a similar feature.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow disabling of SPF checks

    As a user using both a dedicated security based ESP (Mimecast) with Office 365 Exchange, I have no need for many of the Office 365 security features.

    Most annoyingly is the fact that forwarding from my ESP fails the Office 365 SPF checks, because the sending domain doesn't match the IP range of the source any more.

    I wouldn't mind except Office 365 won't even allow me to disable SPF checking!

    This means a typical message is stamped with an SPF 'pass' from Mimecast and an SPF 'fail' from Office 365.

    This in turn could interfere with anti-spam rules within…

    130 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. E-Discovery Search to exclude Voicemail messages

    Due to confidential voicemail messages in mailboxes, can there be an option in the new e-Discovery search to filter out by voicemail message. I understand that you can specify searches by keywords, but if there is a build in feature in e-Discovery to exclude voicemail, this can prevent man made mistakes when performing searches.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  16. Export tool on Compliance search

    Export tool on the new compliance search (azure)

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  17. SPAM being identified and yet forwarded to 3rd party applications

    Improve SPAM re-production when emails are forwarded to 3rd party email platforms.

    We've got a SPAM email filtered by Office 365, but at the same time forwarded (by rule) to 3rd party email platform. Microsoft said this is a flaw on design and are looking to improve user experience. In short: If Office 365 identifies email as SPAM, no point in forwarding it right? I believe Admins are well aware how to trace where the email got stuck.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add "90 days" to Message Trace date range options

    I frequently use Message Trace to look at the activity for a particular distribution group or recipient to determine if it's no longer in use. It would be helpful if one of the date range options was simply "90 days" or "Maximum" so that I don't have to fuss with the calendar each time in order to pick the maximum query window. If the form can already tell me "You picked a date range longer than 90 days", then either it shouldn't even show me invalid days on the calendar control, or it should simply offer me a shortcut option…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  19. Custom NDR sending postmaster pr domain

    When using multiple domains, the default domain is used as postmaster-domain (so NDR are sent from postmaster@defaultdomain.com). This is not always wanted, especially if the domains not shall be related to each other. It should be possible to assign a sender for the NDR on domain-basis.

    47 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  20. 2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base