Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow the use of a specific extension attribute to determine export naming convention for Search and Compliance export of pst file

    Per MS Case #:21712097 When a .pst file is exported from an eDiscovery search the naming convention utilizes an available entry from the EmailAddresses list with no priority given.
    When exporting on a search the naming conventions are randomly chosen. We would like to see some consistency when providing to outside council.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  2. Don't rewrite URLs with ATP Safe Links

    How about letting ATP Safe Links run its policy rules before delivering the email to the tenant's mailbox, and don't mangle it at all if it passes the security checks? Some tenants use email-based software development, and ATP Safe Links are a pain to deal with.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Digital Signature

    Microsoft should provide a digital signature capability to all office users. I have standardized on MS and should not have to go to some other vendor . It is a natural extension of your products

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Hacking

    Yes my EX husband has signed all my emails up to different things.I only use my email for work.Everytime I create a new email he gets into it and changes number and security info and PW.I created 5 in 24hrs the thing is he denies it he’s also doing identity theft impersonating people to try scam me on gumtree he’s made himself administer to my acc and has managed to get into my brand new iPhone new Apple ID emails ect.I have my phone locked away in a safe all the time and on Aeroplane mode.Livibg under same roof until…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Create a mechanism to wrap an OME Configuration to some/all encrypted emails but not every emai.

    "Ensure all external recipients use the OME Portal to read encrypted mail" in the article below is misleading. The instructions lead you to encrypting every outbound external message. It would be nice to ensure external recipients OF ENCRYPTED EMAILS use the OME Portal. Even better, ensure some external recipients (based on criteria like recipient domain) OF ENCRYPTED EMAILS use the OME Portal.

    https://docs.microsoft.com/en-us/microsoft-365/compliance/manage-office-365-message-encryption?view=o365-worldwide#ensure-all-external-recipients-use-the-ome-portal-to-read-encrypted-mail

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. ประเทศไทย

    ปฎิเสธทุกข้อกล่าวหา

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. Audit - Block Sign In & Sign Out of All O365 Sessions.

    Please can you add the ability to audit and capture the actor that triggers a Block Sign In, and/or Sign Out of All Office 365 Sessions Event.

    This will help to determine who initiated the action.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  9. Use wildcards in Device User Agent quarantine rules

    It would be good to be able to use wildcards to test Device User Agents in mobile quarantine policies.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add attachment file names to transport log entries

    To be able to provide management with solid risk assessment data,
    we would like to get some idea of the types of file attachments that our users receive.

    Example:
    Extension 24Hr_Count MessageIDs
    .pdf 102 {messageID1}, {messageID2}, ...
    .docx 91
    .p7s 22
    .htm 17

    To achieve this, it would be helpful to have message attachment file names available in Exchange transport logs (and the Office 365 equivalient)

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Flag or mark mails from domains users hasn't received mails from in the past

    It would help a lot against spear phishing, if mails received from a domain the user hasn't received mails from in the past is being flagged or marked somehow. This would make it a lot harder for hackers to use almost identical domain names for phishing

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow to save attack smulation templates with custom URL landing page

    Parentally we can not save the templates with a custom landing page. When we create the template and changed the landing page with a custom url, the url wont be saved after saving this templates.
    We have to remodify the landing page when we are lunching attack with this saved template.
    Please change this design, it's not reasonable.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  13. 1908

    I am on this site today logged in as an "administrator" for Microsoft groups "1908" yet I have never signed up for any of this. I am in need of Microsoft security. Not GROUP OR TEAM BUT. " SECURITY" CONTACTING ME NOW to cooperate with an online ongoing FBI investigation concerning activities by Microsoft (teams).

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  14. Extend Audit Log retention to 6 months

    Currently, if you are on a base M365 plan without Advanced Compliance then your audit log period is only 90 days. To extend this to 1 year you need to move up in licensing which is costly. I am proposing to increase the default retention to 6 months and if you need to increase to year retention then you need the add-on. 6months retention will align Microsoft with Gsuite as their default retention is 6 months

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Intelligent External Email Tagging

    Currently the system blindly applies an “[External]” tag to an email subject and a notification in the message body. If the email is forwarded or replied to only internal email addresses, the message is again tagged as external, repetitively causing tagged to be applied, resulting a perpetual situation like this with the subject:
     
    [External] RE: [External] RE: [External] Message Subject

    This is for a message that was originally from an external source that got replied to internally multiple times. At this point it is an internal email, but an "[External]" tag is incorrectly applied. The best way to defeat…

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  16. spoof domain name soundex report

    Report which detect similar domain name registered within o365 to avoid spear phishing attacks. Using Soundex example:
    @mydomain.com would report on new tenant with @myd0main.com - only provide public whois information in report
    Thank you

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow external users to see more than one message (all messages sent to them) in one session

    If I send an external user 2+ messages they receive links for each individual message. Can they see a listing of all messages that were sent to them? Asked differently, can they bookmark a landing page that gives them a central place to view all messages (that haven't expired) in one location?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Improve the flexibility of sensitive labels content markings

    We would like to have more formatting option when adding a header text like a left-aligned 10-inch margin.

    144 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow default label to be applied to all EXISTING files using "Security & Compliance" Auto-labeling

    Allow default label to be applied to all EXISTING files using "Security & Compliance" Auto-labeling.

    To expand this, assume there are 3 label High, Medium, Low. Rules are created to label (based on content) High and Medium files. A catch all rule for anything not label is required to apply the "default" label of low when another label is not present.

    While the creating of a new file will get the default label, the 1000's of existing content will not until it is opened and saved. This is not feasible in a large enterprise.

    MCAS rules, that can do this…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Be able to get online help without having to open up privacy settings.

    Be able to get online help without having to open up privacy settings. You cannot get help unless you agree to give up privacy... This is ridiculous in order to get help.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base