Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Set user as 'not junk' from quarantine page

    Currently when emails go into Quarantine (after falling into the 'prevented phishing messages' category), I cannot release these directly from the summary email. Instead users have to follow the link to the quarantine section of, which allows them to release the message from quarantine, but doesn't give any useful option to add them to the whitelist/not-junk list.

    Could this be added please?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add time search in addition to date to new-complianceSearch and other eDiscovery tools

    Add time search in addition to date to new-complianceSearch and other eDiscovery tools.

    Add ability to search a specific time frame in addition to a specific date range.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  3. Improve the custom email and policy tips for user notifications

    Currently you are only able to customise the email subject, text and policy tip messages for user notifications that appear when DLP policy matches occur with plain text.

    Although this does recognise email addresses, it would be better if this was able to host rich text to include a more meaningful message.

    Taking this a step further, it would be better if you could have a custom message for each application too, without having to create duplicate policies for each app.

    For example, if you have a DLP policy that's applied to SharePoint and Exchange, having the ability to customise…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  4. Identify which items have been triggered in Event Based Retention

    We need the ability to identify which records in a SharePoint library (containing all records that have a specific category of event based retention label) have previously been triggered by an event, and which ones are still waiting to be triggered by an event. According to the response to a support ticket logged with Microsoft Support, there is currently no way to identify whether a record has been triggered and is counting down its retention duration or not, until the record eventually reaches the end of the countdown and goes to disposition review. Seeing as the records in our SharePoint…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. report phish

    When a user uses the Report Message add-in in Outlook to report a phishing message, it triggers all kinds of excellent Automated Investigation and Response things - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/automated-investigation-response-office?view=o365-worldwide#example-a-user-reported-phish-message-launches-an-investigation-playbook -

    However, we currently use a 3rd-party tool to report Phishing messages (KnowBe4 Phish Alert) because it can give the User positive reinforcement for reporting KnowBe4's test messages.
    I set up the KnowBe4 to also report to phish@office365.microsoft.com , but this does not trigger the Automated Investigation - although we usually do see a PhishZAP investigation a little bit later (presumably after the exchange backend has had time to crunch through the…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Detect specific pattern in HTML source code of mail

    Ability to match for specific regex in mail body html source code to detect technique that attacker used to evade detection and bypass EOP

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Suppress prepended External Email banners in preview mode

    Prepending email messages from external users is easy to set up and works very well. The problem is that when viewing messages on mobile devices the external message banner is all that is seen, and there is no way to preview the actual message without opening each message. If the banner can be automatically prepended to the body of an email message would it be possible to suppress the message in preview mode and only show it once the message is opened?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  8. Retention Policy - SharePoint - Allow Site Deletion

    With SharePoint protected by a retention policy users are not able to delete sites. We should be allowed to delete sites, yet content should remain discoverable via eDiscovery. For instance, I have a Team Site I no longer need and want to remove from my view. Or I created a test site to explain how to do something and I can't get it to go away. Modifying the retention policy to exclude sites to allow deletion is not a useful solution. Please fix.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  9. If you share files uploaded to OneDrive with external users, DLP will not detect them.

    If you share files uploaded to OneDrive with external users, DLP will not detect them.

    Upload the Contents file containing Sensitive Data to OneDrive.
    DLP will not detect sharing with external users.

    OneDrive's sharing function is a basic function that users use very naturally, such as attaching a file to their email.

    If Sensitive Data included Content is delivered to external users using OneDrive sharing function, DLP will request modification so that it can be detected.

    The only way to detect this now.
    1. Record file information with Sensitive Data in DLP Events
    2. Check if recorded file is an…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  10. Supplementary filters in Mailflow status report

    Today in the Mailflow status report we wan filter on few things.(dates, inbound/outbound/intraorg messages).
    https://protection.office.com/mailflowStatusReport?viewid=funnel
    Would be great if we could filter on at list domains to have a global view of a specific domain in the tenant.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  11. Remove and offboard devices from ATP Security Center GUI

    Need and function to remove and offboard devices from ATP Security Center GUI (https://securitycenter.microsoft.com/)

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Remove from Quarantine deletes message. How do I get a message out of quarantine? Poor wording.

    Articles from trade magazines that I recognize are not phishing but can be annoying so quarantine is a good first sort. However, I need an easier way to see the ones that I want to see.
    The selection Remove from Quarantine seems misleading.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. let us turn this OFF. I DO NOT WANT IT!!!! IT IS A PAIN IN THE A@#! YES IM SHOUTING

    TURN OFF THIS YOU DECIDE WHAT TO ENCRYPT FEATURE. i DECIDE NOT YOU

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Ability to filter alerts by the "user" within Security and Compliance Center Alerts

    Currently within Security and Compliance Center, there is no way to search or filter alerts by the user who triggered the alert. The only way to obtain the user is to hover over the alert or click into each individual alert. It would be very beneficial to be able to search or filter alerts specific to a user in question.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Export extended fields from alerts to Graph Security

    The alert that is sent from Office 365 to Graph Security contains very little context for the alert.

    For example, an alert that triggers when a DLP policy is matchedfor an email sent outside the organization, the alert in Graph Security contains only the user who sent the email.

    In the SC&C portal, if you expand the activity list of the alert and expand more information there are fields such as "PolicyDetails", "ExchangeMetaData", and "EnrichedFields" that contain who the email was sent to, the messageID, the sensitive info types, etc. all of this contect should be in Graph Security.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add Message trace searches to audit logs

    Message trace is an important tool for troubleshooting certain mailflow related issues. However, we would like to be able to see who is running what queries and how often. Currently message trace usage is completely untracked an not auditable.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Search custodian by employee ID

    In Advanced eDiscovery we would like the ability to search for custodians by employee ID. There are many employees with similar names and it's time consuming to have to lookup their email and then come back to the portal.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  20. "Microsoft 365"<sender@contoso.com>

    Microsoft Connections email marketing 48

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  • Don't see your idea?

Feedback and Knowledge Base