Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾ Check out the ideas others have suggested and vote on your favorites
◾ If you have a suggestion that’s not listed yet, submit your own, in 25 words or less, please
◾ Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  1. Office 365 spoofing protection and direct send (NO TLS) crossroad is a security leak

    On the Office 365 service, it allows you to use devices that don't have TLS support through "direct send" settings. At this point the current security level changes, and there is no warning and the current settings are not displayed as a warning. This is important because if you set up direct send just once, your security level drops down to "no protection" and you have to activate some additional barrages (of course, if you are aware of this). Even if you delete the settings you made for "direct send", your security settings are not set back to the SECURE level and you are unprotected against spoofing without any…

    1 vote
    0 comments  ·  Spam & Phishing
  2. Unable to install the MailprotectionReport_V2_en64.msi as we have only Excel 2010 & 2016, and it only works with Excel 2013

    Funny thing: Microsoft is pushing the latest version of Office 365, but it is not compatible with the above mentioned

    2 votes
    0 comments  ·  Reports
  3. OneDrive NGSC - Install in %PROGRAMFILES%

    Taking a look at the installation process of the OneDrive NG Sync Client, it installs itself into the user profile's APPDATA directory like any usual trojan/virus does, instead of the usual %PROGRAMFILES% directory.

    Installing software into the user's APPDATA profile directory is nothing else than a bad habit by some dumb software developers (looking at you, Spotify/Dropbox/MeetingTools/etc.) to enable users to circumvent the lack of administrative rights. I don't get why Microsoft is supporting this unprofessional behaviour by using this method themselves.

    See here for further information:
    https://social.technet.microsoft.com/Forums/office/en-US/2195f3e7-ee42-4cd8-aeb7-0cb7acd27e84/onedrive-for-business-next-generation-sync-client-why-appdata?forum=Office2016ITPro

    37 votes
    0 comments
  4. Preservation Lock enable and disable with special permission or at least with Microsoft Support.

    Preservation Lock can be set so easily that if you click on the policy on the right it will give you the option of On and Off, resulting in a lock that even Support cannot remove. Either provide a secure way of enabling/disabling to the user or at least give it to Microsoft Support to do it on the client's behalf.

    325 votes
  5. Signing Certificates

    Office365 has the market *********** to have a major impact on phishing email, by establishing PKI and making email signing certificates available to users. This would allow positive authentication of a sender and the integrity of a received message. Certainly this would be of great value within an organization, but beyond that Microsoft would be able to positively impact the overall security of the email climate.

    12 votes
    0 comments  ·  Spam & Phishing
  6. Emails Not Recoverable and Litigation Hold Limitations

    I had a staff member purposefully delete the sent items and deleted items of client emails that they forwarded to unknown recipients. I logged a call but Microsoft is unable to recover the emails that were deleted. Legal cases cannot be successfully won because of this. All emails must be retrievable on mailboxes, regardless of how users delete them.

    I was then told about Litigation Hold, which is now active on some staff - but the functionality is not available to Exchange Online users, it is only available for E3 users. This is a huge business risk as contractors can…

    7 votes
    0 comments
  7. Allow end users to access quarantine for shared mailboxes

    Currently, only admins can view the quarantine for shared mailboxes. Users are automatically redirected to their own quarantine. I'd love for there to be a default for users who are delegates of a mailbox to have a way to get to the shared mailbox quarantine queue. If they are allowed to view the inbox/folders they should be allowed to control the spam.

    2,133 votes
    Available in PREVIEW  ·  91 comments
  8. Allow you to change the name of a rule after Preservation Lock

    Simply allow users to change the name of a rule setup after the preservation lock is set up. The purpose of Preservation Lock is to block you from making the rules less restrictive. Not to stop you from renaming the rule, which is inconsequential.

    1 vote
    0 comments  ·  eDiscovery
  9. Create a web form to submit malicious links for ATP SafeLinks

    Allow users to submit links for known malicious sites that can be flagged as such by ATP SafeLinks.

    After a recent phishing message that included a malicious link that was not flagged as such by SafeLinks, I opened a Premier case and sent the link, and Premier sent it on to engineering. A couple hours later it was blocked by Safe Links.

    There has to be a faster/more direct way to get malicious URLs blocked by SafeLinks!

    61 votes
    thinking about it  ·  3 comments  ·  Malware
  10. Limit of 320 characters for links that are excepted in ATP

    Currently there is a limit of 320 characters for all links that are excepted from rewriting. The 320 characters are for all characters in all links, not for each link.
    We are in desperate need of adding more links to the exception list, but we have reached the 320-character limit. It seems to me that it is bad design.

    13 votes
    0 comments
  11. Office 365 does not work

    Office 365 Outlook doesn't sort, doesn't load, doesn't send, basically doesn't work. I have updated, loaded, reloaded, reloaded, updated, deleted, reinstalled, updated, reinstalled, reloaded.

    Doesn't work

    2 votes
    1 comment
  12. Ability to roll back a folder to a specific date and time

    The ability to be able to roll back (restore) a folder to a specific date and time would benefit all of us. Recently when attempting to recover some emails that were deleted by a policy accidentally, it took a lot longer than it should have done, as the number of items in the mailbox was in excess of 26,000 items, and eDiscovery was unable to recover the folder hierarchy. If the deletion was traced, and could have been rolled back, this would have been a lot easier.

    3 votes
    0 comments  ·  eDiscovery
  13. Alert for new Mobile Device in Office 365 MDM

    Would like an option to either have an alert sent when a new mobile device is connected and/or a quarantine similar to the option in Exchange ActiveSync policies. This would allow us to check with the user to ensure that a previous device was not lost or stolen and/or remove unneeded devices from the list. Seems like a step back without those options.

    24 votes
    0 comments
  14. External user reports

    Please provide detailed auditing of which files have been accessed by external users.

    42 votes
    1 comment  ·  Auditing
  15. When an email from an external sender is sent to hosted quarantine for any reason (i.e. attachment type), notify the sender with reason.

    We have a transport rule that moves external email with specific attachment types to hosted quarantine - so we can release them if we need to. We would like to be able to send replies to the sender - asking them to consider re-submitting their email with an acceptable document type such as PDF.
    We could do this if we simply blocked the message altogether, but the idea of hosted quarantine is that we can review and release if it is necessary, without involving the original sender.

    1 vote
    0 comments  ·  Malware
  16. Allow journaling into Office 365 mailbox

    Either sell a separate Journaling license if it is more expensive to keep journal on Office 365 and price the license according to data amounts like $10 per 100GB/month. Or have an option to put Litigation hold on all mail traffic going through the tenancy. Currently only mailboxes with licenses assigned can have litigation hold so getting those licenses for all shared mailboxes would help a little but would be very costly as shared mailboxes will not need the office or any other licensed features. Even when licensing all shared and user mailboxes, that would not keep the mail that…

    75 votes
    3 comments  ·  Auditing
  17. Allow hosted quarantine timezone to be set

    Allow O365 admin to set the timezone for the hosted quarantine. Currently we are stuck with UTC being displayed.

    38 votes
    1 comment  ·  Spam & Phishing
  18. Auditing for OneDrive site collection access

    There is no way, either through the compliance portal or the O365 Management APIs, to find who has administrative rights to individual OneDrive site collections or has made changes. The only way is to browse an individual's OneDrive and check the site collection administrators there.

    14 votes
    2 comments  ·  Auditing
  19. Make Office 365 Audit Log Report more effective and workable

    The audit log report is now very basic, as it shows Date and Time, User, Action, Detail, with a Detail which is an unreadable and unprocessable portion of text hiding more information. The report can be much improved by providing structured relevant information, so that it can be further processed more easily.

    9 votes
    4 comments  ·  Reports
  20. Allow access to email but not SharePoint and OneDrive

    Can you only allow access to email while still blocking SharePoint and OneDrive? Reason being that most clients feel that only a few files are sent through email and at risk, and are more concerned about protecting libraries of files that are in SharePoint and OneDrive.

    3 votes
    0 comments