Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  1. O365-ProPlus - New GPO with an option like « Allow HTML rendering but disable JavaScript »

    Following case #20768628 on O365-ProPlus

    We'd like to ensure that JavaScript in the body of e-mails will never be interpreted in Outlook.

    According to our phone call, we (unfortunately) understand that Microsoft cannot guarantee that there are no specifications mandating that Outlook must never interpret JavaScript in the mail body.

    It seems to us that Microsoft should change the GPO with an option like « Allow HTML rendering but disable JavaScript ».

    Regardless of the evolution of MS-Office suite(s), this option should always guarantee that JavaScript is neutralized in e-mail HTML rendering.

    Best regards

    1 vote
    0 comments  ·  Advanced Security Management
  2. Make the effect of actions in EOP quarantining of messages clearer.

    Currently it is not clear from the guidance supplied whether Remove From Quarantine will then let a user read the email in their inbox or whether it will result in the email being deleted. Hence, it is unclear which action a user should select between Remove From Quarantine or Release Message. Better distinction is needed to enable users to be able to make the correct choice, especially when they are happy about a sender so want to read the email.

    1 vote
    0 comments  ·  Advanced Security Management
  3. We have a requirement that, we need to provide the quarantine release option to particular end-users alone and not for all end users.

    We have a requirement that we need to provide the quarantine release option to particular end users alone and not for all end users. Now, we don't have an option to give it to the required users; the seeded functionality is that either we can enable it for all users or a quarantine admin can be assigned, but there is a security issue in that there are chances to view other users' SPAM mails too, which is not correct.

    3 votes
    0 comments  ·  Spam & Phishing
  4. The Concept of "Event" in M365 'Records Management' is Way Too Convoluted And Error Prone

    We need an easy way to create "events." Just reading through the documentation gives me a headache, and really there is nothing about this flow that simulates a "real-life" event. Why can't we create an event and all the supporting labels, and minutia?

    This is far too complicated and downright strange in my opinion. E.G. "An event is a specific occurrence of a predefined event type. Event types are associated with labels that, when applied to content, classify the content as that specific type. If an actual event occurs, such as a user leaves your organization, you'll create an event…

    1 vote
    0 comments  ·  Compliance Manager
  5. add ability to New-ComplianceSearch / Set-ComplianceSearch to copy results to another mailbox

    Add ability to New-ComplianceSearch / Set-ComplianceSearch to copy results to another mailbox

    18 votes
    0 comments  ·  eDiscovery
  6. Why no UrlClickAction details?

    The Audit Log in O365 Security and Compliance shows record types, e.g. UrlClickAction: 2
    This isn't outlined in the literature online here: https://docs.microsoft.com/en-us/microsoft-365/compliance/detailed-properties-in-the-office-365-audit-log?view=o365-worldwide

    Why?

    1 vote
    0 comments  ·  Reports
  7. Machine ID Correlation

    Within the Unified Audit Logs, there is a field 'MachineID' when a Sync or FileSyncDownloadFull event happens.

    This Machine ID correlates to a specific endpoint.
    For investigations, we need to be able to correlate the Machine ID with an Azure AD or Intune device.
    Currently there is no correlation available.
    See: https://github.com/MicrosoftDocs/azure-docs/issues/55589, https://answers.microsoft.com/en-us/msoffice/forum/all/correlating-sharepoint-activity-to-a-specific/ba72b93c-4a8a-45c6-834a-74318f6de08e.

    I also created a support case which confirmed this.
    There are two solutions for this:
    - Include the Azure AD Device ID within these SharePoint logs.
    - Add the Machine ID to the Azure AD Object ID

    In my opinion, the first solution is the…

    21 votes
    0 comments  ·  Auditing
  8. 1 vote
    0 comments  ·  Spam & Phishing
  9. For the message trace and the Extended report downloads, show the approximate completion time in the window

    The public information says that it would take a few hours to complete downloading the Extended report. But it would be great if we could see the approximate completion time and the status based on the search query, time range and others, because currently the status won’t be updated from NotStarted until the report is downloaded.

    7 votes
    0 comments  ·  Reports
  10. Add Safety Tips tab in Anti-phishing Policy

    From Damian - Configuring Safety Tips for Anti Phishing
    https://www.powershellgeek.com/2020/06/05/configuring-safety-tips-for-anti-phishing/

    Add Safety Tips tab in Anti-phishing Policy instead of the link 'Turn on impersonation safety tips' in Actions tab

    1 vote
    0 comments  ·  Spam & Phishing
  11. It would be great if MS can find a solution for auto-downloading pictures from external senders instead of whitelisting the sender

    It would be great if MS can find a solution for auto-downloading pictures from external senders instead of whitelisting the sender

    1 vote
    0 comments  ·  Advanced Security Management
  12. Read your comments!

    Listen to your customers and hear what they have told you! When I say that Niantic Labs/Pokemon Go are NOT phishing, I actually mean that I want to receive the emails. Do Not Block them!!!! Always Release them!!!

    1 vote
    0 comments
  13. MCAS DLP

    Can Exact Data Match (EDM) be extended to MCAS to improve support for the MCAS DLP policies? There seem to be distinct differences in the way rules can be configured in MS O365 Email and MCAS and we want our rules to match across our environments.

    1 vote
    0 comments  ·  DLP & Transport Rules
  14. Advanced eDiscovery jobs tab

    The Advanced eDiscovery Jobs tab shows jobs that have run or are running. However, the details on this screen are not enough to identify which job it is that is running.
    E.g. "Adding data to another review": it needs to show which review set was being processed.
    Also, "adding data to a Review set": I cannot identify which search is adding to what review set.

    Can there be more details added to the Jobs screen?

    1 vote
    0 comments  ·  eDiscovery
  15. Enable filtering of IPv6 addresses

    The bad guys know that Exchange Online email Admins cannot filter IPv6 addresses in the Threat Management/Spam Policy settings. IPv6 is gaining widespread adoption as a superior, more robust transmission protocol but we Admins are unable to block incoming emails transmitted from published blacklisted IPv6 servers. This is a significant security flaw. Microsoft needs to enable filtering on IPv6.

    1 vote
    0 comments  ·  Spam & Phishing
  16. Client-side control when Office Add-in website is not reachable

    When the website where the Office Add-in is hosted cannot be reached, the manifest could have an alternative option. For example, instead of reaching out to the website, showing an error message to the end user and proceeding.

    6 votes
    0 comments
  17. Configure available labels at the library/folder level

    After publishing a list of labels to SharePoint sites, we should be able to define which labels are available at the library level (or folders).

    It would be easier for end users to select a label from a list that makes sense with the type of content in a specific library or folder.

    1 vote
  18. data investigation permanent delete of emails

    Currently in Data Investigations -- in the evidence tab -- actions. There is an option to delete emails. In the fly-out pane you have these options:
    Delete items from original locations (Preview)

    Items you selected will be deleted from where they're currently stored (mailboxes, sites, and so on). Users can still recover these items until the deleted item recovery period expires. Because items in an evidence set are copies of the original items, you'll still see these items in the set after they're deleted from their original locations. Learn more about deleting items
    Selected documents only
    1 items (2…

    1 vote
    0 comments  ·  eDiscovery
  19. S-MIME signed Mails

    S-MIME signed mails were wrapped as an attachment if the "external mail disclaimer" should be inserted. If the option is set to "ignored", it works, but it is unclear what else is a reason to fall into this category...
    This dumbed-down implementation kills the advantage of signed mails and makes them potentially more insecure than a "normal" mail...

    3 votes
    0 comments  ·  Communication Compliance
  20. Notification MFA Blocked user

    When a user gets blocked due to failed MFA login attempts there is no notification sent. A helpdesk may be trying to assist but not have any visibility of why the user is failing MFA.

    It would be useful to have this as an alert so when a user gets blocked in the Azure AD Blade:
    https://aad.portal.azure.com/#blade/MicrosoftAADIAM/MultifactorAuthenticationMenuBlade/BlockedUsers/BlockedUsers/

    Also a lower level RBAC role could be granted access to this such as Privileged Authentication Administrator as currently only Global Admin accounts can check to see who has been blocked.

    3 votes
    0 comments  ·  Insider Risk Management