Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow exclusion of SharePoint subsites for O365 DLP

    You can only add DLP exclusions for SharePoint at the TopLevelSite and are unable to exclude any SharePoint Sub-Sites. This would allow more granular exclusion capabilities with O365 DLP

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  2. external messaging audit log

    We are not able to obtain audit log for external messaging in Outlook on the web. Please make it possible to obtain external messaging details in audit log.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Malware test file in publicly available information doesn’t work

    *English follows Japanese

    ■Title(件名):
    公開情報のマルウェアのテストファイルが機能してない
    Malware test file in publicly available information doesn’t work


    ■Description(内容):
    https://docs.microsoft.com/ja-jp/microsoft-365/security/office-365-security/safe-docs?view=o365-worldwide
    上記の公開情報の内容に沿って ATPを設定したが、マルウェア テスト用に配置されたファイルを SharePoint Online や OneDrive for Business にアップロードしてもマルウェア判定されないため、改修が必要

    https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-docs?view=o365-worldwide
    We set ATP according to the above information, but the file put in place for malware testing is not judged to be malware even if it is uploaded to SharePoint Online or OneDrive for business, so this needs fixing.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  4. I would like a function for IT alerts, so that user will be notified if their mailbox get granted full admin rights

    I tried to set an alert so when a user's mailbox get full access granted, user will receive an email informing this has happened. currently, only administrator will get an alert when addmailboxperssion is granted. but we think it's good user should get an email also. However, this is not available in o365, and I couldn't find a get around to achieve the goal

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. It would be nice to have the ability to encrypt a spilled message versus having to delete it.

    If we could deem a message as unrecoverable by encrypting it, we would save countless hours trying to remove the message from the Non-IPM subtree.

    Currently it takes 4 hours to turn Single Item Recovery and Litigation Hold off. We then need to increase Deleted Item retention, and stop the managed folder assistant off. Then destroy the message, and put the mailbox back in its original state (another 4 hours)

    If we could leave all of the holds, and Single Item Recovery in place, Delete the message to the Purges folder, then encrypt it we would save a minimum of…

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  6. Send an email to user when admin triggered manual investigation

    Send an email to user when admin triggered manual investigation of email of one user

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Content Search - Saved Search review

    How about modifying the UI so that it's not necessary to scroll to the bottom of the saved searches list in order to refresh the list itself?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  8. Report Message add-in not showing for delegated mailbox in Outlook

    We got Report Message add-in enabled for everyone in organization, and everyone see it, but only for theirs own mailboxes. When delegated mailbox is opened addin disappears

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. Activity log relating opening file which is marked as threat

    If ATP detects any suspicious file, it opens in the protected view. In this scenario, I would like to know by whom and when this type of file has opened. I want to use audit log to obtain information related to this activity. Also, I would like to create an alert policy to let admins get notification if any user opens this type of suspicious file in the protected view.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  10. Desktop application sign-in logs

    I would like to use Microsoft 365 audit log to obtain sign-in report of desktop applications such as Excel, Word, PowerPoint.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Fix EOP Quarantine Email Bug

    The daily Exchange Online Protection quarantine email has a typo in it. It states "X messages are being held for your review as of <date time>". This is incorrect as it only counts the new messages in your quarantine in the last 24 hours. Either update the count so it counts all messages in the quarantine (rolling 30 days) or reword the email so it describes that count as only being for those in the last 24 hours.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. Audit log search for SendAs and SendOnBehalf permissions on mailbox not returning any results; NO DATA AVAILABLE

    When Searching Audit Logs for exchange activity, specifically SendAs or SendOnBehalf, there are no results returned. The logs have to be retrieved by going to the Exchange Admin portal > Compliance Management > Auditing > Export Mailbox Audit Logs.

    This should be part of the protection.office.com Audit Search feature, especially since there are the options to check those boxes in the search criteria.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  13. More Detailed End User Email Quarantine Notifications

    Would like a way to add the message body, sender name and email address in plain text into the Exchange Transport Rule option to Notify the recipient with a message.

    We currently use an Exchange Transport rule to quarantine all .docm, .xlsm and .zip files and notify the recipient with a message to reach out to helpdesk to review and release if it's deemed safe.

    The problem I have is the notification doesn't give any detail such as the message body, the sender name and email address or what type of file was included. Only gives the subject line. This…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Suggest White Sites

    Currently I am getting group messages from within our organization blocked. This is forcing me to go into the website each time to allow them. I'd like a feature which would say for future emails, this sender is OK to deliver.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Ediscovery Search Results for email metadata should not include ALL documents from SPO

    Currently, defining a Custodian with their mailbox, OneDrive, and maybe even a Team or two in Advanced eDiscovery, then using that custodian as my search location to search for things like kind:microsoftteams, or kind:email, results in a hit on EVERY document in the defined SharePoint sites for the custodian. It should hit on zero.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  16. Where can I find the dates the hold was acknowledged?

    Where can I find the dates the hold was acknowledged?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  17. 12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Unified audit of non licensed accounts

    Currently only licensed accounts (A1, A3, A5) show up in the audit logs of Security and Compliance Center. This means Room mailboxes and Shared mailboxes (which do not need licenses) do not show any audit log entries. It would be nice to have this in the unified logs instead of having to search the exchange logs for them separately.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add an "or" Condition Within Communication Compliance Policies

    In the communication compliance tool, it would be helpful to have an "or" statement in the condition field. For example, if we're trying to monitor communication based on a list of domains, you have to create a separate policy for communication received from specific domains, and a separate policy for communication a list of domains. We'd like to keep email threads together when monitoring for compliance, so including an "or" condition would help keep threads together and not split into separate policies (possibly causing duplication of effort when monitoring).

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Communication Compliance  ·  Flag idea as inappropriate…  ·  Admin →
  20. Retention Policy Onedrive Accounts. Exlude or include members of a Microsoft 354 group

    Retention Policy for Onedrive accounts
    it is not possible to add a Microsoft 365 group to the include or exclude list.
    It would be helpful to be able to enter a group instead of a URL for individuals to make the policy dynamic.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base