Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. safe documents

    Safe documents feature is too slow. For a large file > 400-500MB it can take 10 to 15 minutes to upload and scan. There needs to be some control over what gets scanned and from where, maybe there could be trusted locations and file size limits for scanning.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. EOP - Malware Policy - Add 'Sender/Sender Domain' exclusion/inclusion

    EOP's malware policy allows excluding recipients/recipient domains, but doesn't extend this feature for Sender/Sender Domain. As an example, we have a legitimate sender that sends us '.DOCM' files, however the Malware Policy quarantines it. My workaround is to remove the .DOCM extension from the Malware Policy and instead use an Exchange Mail Flow Rule to only allow that extension from specific senders. It's a workaround, not a solution.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  3. Microsoft to publish AKAMAI public IP's for CDN delivery

    Microsoft provides all Public IP's and URL's for O365 content.

    Microsoft use AKAMAI for CDN however these addresses are not made public to lock down network access.

    At present Microsoft recommend networks be opened/locked for the following list

    https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges

    Microsoft should also provide the public IP address list for the AKAMAI CDN's so that networks can be opened/closed in the same manner

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Want to obtain calendar permission and downloading activities via mailbox audit log

    It would be great if we could use the mailbox audit log to obtain calendar permission and viewing activities of the calendar and its attachments, and downloading activities.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  5. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Coauthor on desktop/mobile apps for labelled document.

    Its great function for SPO and sensitive label integration.

    But Co-authoring is not supported, so we hope it will improve for a good user experience.

    > Office desktop apps and mobile apps don't support coauthoring for files that are labeled with encryption. These apps continue to open labeled and encrypted files in exclusive editing mode.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. Add OR boolean logic in DLP_rule conditions and exceptions section

    In general i like the update which you have rolled out for DLP.

    But while creating policy rules i see that the conditions are applied only in AND boolean logic. It would be better if we have the flexibility with OR condition as well. Because without this option, i see that we need to create multiple rules to achieve things that we need.

    For an Example:

    Say if sender is abc@abc.com, He/She sends a document to someone who is outside the organization. Assume that i use a Label "Confidential" which will be stored in document properties and i can…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  8. eDiscovery results for Microsoft Teams standard channels

    There should be a way for business teams reviewing eDiscovery results to be able to distinguish between different Microsoft Teams standard channels and their conversations. Right now, you cannot identify which standard channel the conversation took place in. (This is true of both Core and Advanced eDiscovery)

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  9. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  10. Identify folder container for emails from Content Search result

    Let content search show the folder where an email is residing so that we'll know if email is deleted or not, and not have to export it to know the folder container.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. Approved Third Party Software

    Who can I talk to about adding a new third party provider to the "Archive data with a third-party" list?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Communication Compliance  ·  Flag idea as inappropriate…  ·  Admin →
  12. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  13. DLP report

    When we download DLP reports from the DLP portal, it doesn't contain the recipient mail ID in the excel. This limitation makes the existing DLP a weak solution, since Business heads will need the recipient mail ID in excel sheet to decide if the DLP incident is genuine or a false positive.

    The recipient mail ID will be in the incident mail triggered, but not having it in the consolidated report exported makes it of less scalable and of less use.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  14. User agent activity BAV2ROPC from deleted/purged user

    There is activity observed in office 365 audit log form deleted user or user that is deleted long back and dont exist in Azure ad.

    The user agent is BAV2ROPC and it shows logon as faultdomainredirect
    we need investigation report on thiis.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Audit Logs does not contain "Identity" for some activities (e.g. Update company)

    Had to dig in the Audit Log to find out a change related to "Company Name Change" in Office 365. We found the activity (Update company)but there was no Identity associated with it which brings down the value of having that entry. In order for us to act fast in such situations, we need to know who did it. Please improve this.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Auditing Problems

    The current problem is that the SIEM is receiving logs that states the following:

    • In-accurate logs regarding Sign-ins from outside of Original Country: these logs state that there is a successful login from outside of the Original Country
    • Delay in receiving the logs from Microsoft office365: sometimes the logs are delivered 24 hours after the event actually happens.
    • In-accurate logs regarding successful Sign-ins for users that does not belong to Domain

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Improve DLP Policy Analysis that should result filter word or activity.

    Office 365 have functionality to block words with transport rule on Exchange but it we could not find exact work which blocked.
    We have search manually and it is time consuming job. Office 365 have functionality to provide exact word on DLP policy and Exchange Transport rule.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  18. Is there a way to "white-list" quaratined e-mail from known providers?

    We have known providers the send us e-mails in regular intervals, or whenever we request services. They are now being qurantied for unknown reasons.
    We would like to "white-list" selected senders, so we won't miss their communications and do not have to go through a manual release process every time.
    Thank you
    Roger

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Kindly include the condition - 'Deleted Items' to retrieve ONLY deleted emails from search content of Administrator - protection.office.com

    Kindly include the condition - 'Deleted Items' to retrieve ONLY deleted emails from search content of Administrator - protection.office.com

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  20. Kindly include the condition - 'Deleted Items' (to retrieve all deleted emails) from search content of Administrator - protection.office.com

    Kindly include the condition - 'Deleted Items' (to retrieve all deleted emails) from search content of Administrator - protection.office.com

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base