Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Not sure

    Normally they are ****

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. dhiod,frlc,ndn

    sjd,gmcfmvdmcvmnfxb v

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. Allow anyone with direct full access, or full access by group, to a shared mailbox to review its quarantine list emails.

    Allow anyone with direct full access, or full access by group, to a shared mailbox to review its quarantine list emails.

    We do security via groups to ease and make efficient security administration. The feature rolled out in May 2020 limits requires direct full access and then only allows to review one quarantined email at a time. Though an improvement, this needs to be improved further.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Better information about source/system in OTP-sms:es and authenticator requests

    Make it visible what system/source/purpose an OTP SMS or authenticator request is concerning.

    The current solution does not state more than the source "Microsoft" and the OTP. It becomes hard to verify that the purpose of the OTP is legitimate.

    As a reference you could look into Swedish Mobile Bank-ID where the name of the company or organization requesting verification is displayed as part of the request.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Transport rule for Alerts

    It would be better if there's a separate transport rule for Alerts.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add the ability to display company logo on Legal Hold Memos

    Currently any attempt to include a logo gif, jpeg, png file on Legal Hold Notifications results in an error, "The linked image cannot be displayed. The file may have been moved, renamed, or deleted. Verify that the link points to the correct file and location.” Supporting this ability would make customizing legal hold memos in organizations with multiple brands simpler.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add more Dynamic Tags to the Legal Hold Communications tab.

    Currently there are only 5 dynamic tags: Display Name (for the custodian), Acknowledgement Link, Portal Link, Issuing Officer Email, and Issuing Date. Add more please! Suggestions would be: Issuing Officer's Name (in first last format), Issuing Officer's Title, Legal Hold Title.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  8. Change the Display Name dynamic tag to first name first and last name last for Legal Hold Communications

    Currently the Display name is last name first. This looks bizarre on a legal hold memo.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  9. Make the sending of a Reissue notice optional instead of automatic when portal content is edited.

    In the Advanced e-Discovery module the system is set to automatically send a reissue notice when the portal content is edited. This means the portal content has to be completely edited and ready for viewing in one sitting. That isn't realistic for a complicated hold memo. Sending a reissue notice should always be an option.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  10. Provide an app for mobile follow-up of ATP alerts

    It would be good to have an app which can display the overview of all alerts. (Like it's being gathered in the security.microsoft.com)
    This makes it easier to know when you have to take action and open the portals when your on duty during evenings/weekends, or when you're on the road.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. Enable SharePoint site tags for granular conditional access in MCAS session policies

    The SharePoint site tags for granular conditional access (preview) are really helpful, e.g. to direct a session to a SPO site with highly sensitive information to MCAS to apply session controls. However, it would be most helpful, if MCAS could use the tags in the session controls as well, so they'd apply to only sites with the specific tag (e.g. Level1). This way we could easily automate access restrictions and controls for sites which are tagged for sensitive content and allow less restrictive access for all other sites.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. When can we allow data access to the users with Reviewer Role?

    The current v2 platform only allows data access to users with the eDiscovery Manager role. The reviewer role does not work as expected and does not grant access to case data.

    This is an extreme limitation and is causing us to now look to select an alternative EDRM vendor.

    If you could provide an ETA or at least some assurance this issue will be resolved we can continue to invest development time in this.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  13. Remove the ability to classify a risky sign in as "confirmed Compromised"

    Because this blocks an account without any form of notification anywhere, even in Azure's Block/Unblock, this feature urgently needs to be removed.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Advanced eDiscovery Reviewer Role

    After creating an eDiscovery Case I want to release it to my customers to view/tag/interrogate but not change. The Reviewer role should do this, but in v2 it does not appear to. A role is required to allow viewing/tagging etc, but leaving the data selection un changed is a major requirement to this software.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow deletion of Custodians in Advanced eDiscovery

    Currently deletion of custodians is not an option. However, this would be a valuable addition to allow for erroneous data entry and spec changes.

    Having a custodian in the list that is not required is mis leading.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  16. 폐기

    ******* man & bad maria girls of the national
    kill ㅗ or ㅜ
    if think death is so many happy
    many peoples wanna be
    to father big hades Hopkins
    from small hades Hopkins

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. enable exclusion for body of email for DLP policies

    We have credit card DLP turned on and need to have the ability to exclude test cards that get sent in the body vs real cards. I need a way to put in an exclusion list for cc numbers that will be in the body of an email that we all out while blocking real cards not on the exclusion list

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  18. Export Incident List from Microsoft Threat Protection

    Hi,

    There should be an export button on Microsoft Threat Protection (https://security.microsoft.com) to fetch the incident list directly from the portal.

    If not, provide a Powershell script to fetch the incidents

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  19. Please force re-authentication for Outlook client when the network has been changed

    It would be better if you could add a setting in Outlook client to ask users to re-authenticate when the network it connects to has been changed.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base