Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Originating email Server owner signing

    Consider adding a feature to Outlook exchange/ O365 where the server owner can place an certificate signed digital signature and message digest on the MIME Parts of an email identifying the email as having been first uploaded by one of their servers. This email service provider certificate would identify the email as having originated on an approved server, making phishing and spamming much harder, since the email would have originated on the signing server.

    That way when a user receives an email from CocaCola.com, they have some assurance that the email originated on a cocacola.com server. Additionally the burden of…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Quarantine: Allow users to 'Blacklist Domain' & 'Blacklist Sender' & 'Remove All Messages From Sender' or 'Remove All Messages From Domain'.

    I would like a new feature inside of the 'Quarantine' that will allow administrators to 'Blacklist Domain' or 'Blacklist Sender' when you 'Remove Message' from quarantine.

    You already have this capability when you press 'Release message' (i.e. 'Add Sender To Your Organisations Allow List) and don't understand why there isn't the same capabilities for blacklisting.

    Another improvement would be to have a checkbox to either 'Remove All Items From Sender' or 'Remove All Items From Domain' after a user has blacklist a 'Domain' or 'Sender'.

    I work as an Information Security Manager and the amount of time spent switching between…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Every link is now marked as risk

    Currently outlook.com ATP just says every link I click is unsafe. Even those I email myself. This is just asinine. If one gets into the habit of just allowing everything because it's all legit, then the bad ones will get allowed too.

    Seriously, this needs a rethink boys.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. SMIME and Computers not joined to the SMIME domain.

    Not all users of a O365 environment can be joined to a domain that is part of the O365 infrastructure. Many of us use a website OWA access that belongs in a government domain, but are required to use their o365 email for all communication. Edge and Chromium SMIME extensions must work for external computers that are not joined to the domain, since millions of our corporate computers will never be joined to these domains. We remain stuck to 32bit Internet Explorer for SMIME. Either remove the domain requirement, take on the acceptance and control of domains that are acceptable…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Compliance Search property to bulk purge calendar items based on scheduled range.

    In situations where a resource needs to have meetings declined to make a resource unavailable for a period of time, administrators can only decline from within the calendar. Currently, there is no method to purge multiple calendar entries for a resource by a scheduled time range through a compliance search through PowerShell.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  6. Alert for unsual inbound mail flow

    We have seen organizations that we do regular email with have a single user, or multiple, getting hacked. In turn we will see a massiv increase in mail flow from this company. There should be an alert that we can setup that will monitor for unusual mail flow, like there is for outbound mail.

    Example @.com send 5-10 emails a day to certain mailboxes. Then we received 100-1000 emails in short order, like a few minutes, to multiple people in organization that have never received from this address

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. show browser used for user activities and more users.

    There should be more details in the audit log search results.
    It is better if the browser used by the user will be recorded to do the activity and if it is user initiated or there is a malware that has caused the activity.
    More details that will help in investigation of files will be helpful.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Search Content - File Type Condition

    Allow Exchange Online to use the "file type" condition(i.e. Generating a report for inbound emails that contains specific file types - html, docx, pdf). I was informed by MS support that the specific condition is only applicable to SharePoint Online and One Drive.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  9. Never retain 1:1 or 1:many chat messages in Microsoft Teams even for mailboxes on Legal Hold.

    Currently if a mailbox is on legal hold, all Teams chat messages are held as part of the legal hold policy. There should be an exclusion that allows chat messages to be handled separately and not retained. This would be similar to Skype for Business where it could be set to never retain messages.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  10. Loan and CD account numbers

    Please include Loan numbers in the U.S. bank account number definition. Most other types of bank accounts are in there but types of loans (mortgage, HELOC, etc)

    Also, certificate of deposit numbers

    Thanks

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  11. Why is there no template for Finma

    The FINMA check list is available for download, why can I not simply select and apply a FINMA compliance template for secure score

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  12. Antispam Inconsistent & Score Visibility

    Microsoft antispam inconsistent filtering is inconsistent. I've had several occurrences over the last few months where the exact same email is sent to a group of users. Some email get caught and go to quarantine and others go through as Not Spam.

    In troubleshooting with Microsoft, the first occurrence could not find any difference. In the second occurrence, Microsoft said that it was most likely the Source IP address was blocked for one message and not for the other address. OR it had to do with what email server received the email at Microsoft but was on a different anti-spam…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Connect Resolved Threat Investigations with Incidents in Microsoft 365 Security

    I would like that Resolved Threat Investigations in "Office 365 Security and Compliance" are synchronized with security.microsoft.com incidents so that, when the investigation is resolved or terminated, the corresponding incident in security.microsoft.com is automatically resolved / closed.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. docker

    Currently Cloud App Security only offers docker instances for On Premise Linux and Windows as well as Azure Linux. It would be nice to have an option to use a Container Instance instead of having to stand up IaaS to support this.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow content with Sensitivity labels using encryption stored in OneDrive to be discovered in eDiscovery searches

    The current tooling for eDiscovery does not allow for content protected with sensitivity labels to be discovered using eDiscovery.

    If MS’s eDiscovery tools cannot even see the documents, organizations would not be able to comply with any litigation hold obligations and discovery collection obligations. All/Most companies would face sanctions if it didn’t comply with preservation obligations and obligations to collect the documents and provide them to the other side as part of the litigation process.

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  16. Export all url as CSV

    Dear,
    Please move this idea under right subject, if i crete wrong place.
    I'm a secuirt/ firewall, url filtering etc admin.
    I'm defining urls for office 365 license, apps and another.
    Please check this address.
    https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges

    It is very difficult to copy addresses one by one. We need csv import option here. Thus, it will be much easier to import.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. alerte par sms incident Microsoft

    Recevoir par SMS les alertes incident Microsoft 0365

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Quarantined files on Classic OneDrive, Sharepoint cannot be downloaded and can be shared, moved or copied

    We can't download quarantined files on Classic OneDrive, Sharepoint, but we can share, move and copy.

    We have an organization that allows the file to be downloaded.

    https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/turn-on-atp-for-spo-odb-and-teams?view=o365-worldwide

    Setting the parameter to false blocks all actions except Delete and Download. People can choose to accept the risk and download a detected file

    We also believe that quarantined files cannot be shared, moved or copied.

    Is it possible to modify the function?

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  19. Provide ability to conduct an Audit on permission changes in a SharePoint list. ie I want to know who has changed permissions on a SP list.

    Provide ability to conduct an Audit on permission changes in a SharePoint 365 list. ie I want to know who has changed permissions on a specific SharePoint list. Audit log search does not allow for this.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Unable to download quarantined files on Teams

    We are unable to download files quarantined by O365ATP on Teams.

    We have an organization that allows the file to be downloaded.

    https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/turn-on-atp-for-spo-odb-and-teams?view=o365-worldwide

    Setting the parameter to false blocks all actions except Delete and Download. People can choose to accept the risk and download a detected file

    Is it possible to modify the function?

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base