Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Create Content searches based on message ID, Time, and null/blank subjects.

    Employee's send out emails with no subjects all the time, however I am unable to add a null/blank subject as a condition in content search.

    I am also unable to content search or filter based off of message ID.

    There is also no time option, only date, as a search condition.

    This makes content searching for an email with no subject a huge pain.

    Please add the ability to create content searches based off of blank/null subjects, sent time between X and Y, and based off of message ID in the mail headers as an option.

    198 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  2. MessageBind

    The action of when a message was viewed in the preview pane or opened by the owner of the mailbox is not logged by mailbox audit logging.
    Please have the "MessageBind" action logged for the owner.

    196 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    15 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Fix Advanced Threat Protection Attachment Scan When Email Is Auto-Forwarded

    Currently ATP fails to release an attachment (continually displays ATP Scan in Progress in place of actual attachment) when the email with the "stuck" attachment has been auto-forwarded by a user with an Out-of-Office rule in place within the same email domain. Strangely, the email attachment is scanned just fine from the auto-forwarding recipient and can be manually forwarded to any recipient, but if it's auto-forwarded, the attachment stays stuck in an never displays as available. This has been reported to MS Support who attempted a work-around (which failed) Office 365 Ticket #30126-5487056 .

    190 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    18 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Advanced Threat Protection (ATP) attachment scan delay too long

    When the Advanced Threat Protection (ATP) safe attachment policy is set to dynamic delivery, the attachment scan can take around 30 minutes. It just says scan in progress. this is way too long and severely impedes the work flow in a fast pace environment where the scans are needed the most. They should be designed to scan instantly.

    189 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. More Than 8-Character Minimum Password Requirement

    Allow for the current 8-character minimum requirement to be changed to something longer (i.e. – 10 or 12). Allowing for an 8-character minimum password length ensures mostly that.

    Changing character density from 8 to 10 characters increases offline resilience from less than a day to almost two (2) decades, and 12 characters to over a thousand centuries [ref: Gibson research Center’s ‘Haystack’ page - https://www.grc.com/haystack.htm ].

    Allowing administrators the option of lifting this minimum not only forces users to create potentially more secure passwords, but also allows them to use them longer without needing to change them… potentially until there…

    185 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Enable geofencing in Office365

    Enabling geofencing will be a good option to prevent access from different parts of the world.

    177 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Quarantine notifications, but no release functionalility

    Quarantine notifications, but no release functionality.
    We have currently setup the Spam quarantine notification messages for our employees. When they receive such an alert message, the users are able to release the captured messages. We would like to have the Quarantine alerts message to stay in place, but want to prevent end-users to release the messages. We want to force a 'second opinion' flow in between, to delegate this task to the Hygiene administrators. In such a configuration employees shouldn't be able to open the Quarantine URL either. Unfortunately we see some users are not able to see the difference…

    185 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  8. New function proporsal : Coping eDiscovery result to Discovery mailbox operation from S/C center.

    Operations from sc center that Copy eDiscovery search results to a discovery mailbox would be very useful.

    This operation is available only in Exchange Management Center.
    but we want to implement this operation in SC center too. Please consider this function.

    173 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    16 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →

    We now offer more simplified way to review content in Advanced eDiscovery. Please review documentation here:

    Review sets in Advanced eDiscovery (v2.0)

    https://docs.microsoft.com/en-us/microsoft-365/compliance/view-documents-in-review-set?view=o365-worldwide

    Note that the In-Place eDiscovery and Holds cmdlets in the EAC are now retired:

    https://docs.microsoft.com/en-us/microsoft-365/compliance/legacy-ediscovery-retirement?view=o365-worldwide

    We recommend considering the new review tool in Advanced eDiscovery.

  9. Increase security for MFA App Passwords – ‘flaw in security’

    There are a few security issues with App Passwords while using MFA. The security around App Passwords needs to be strengthened.
    First, App Passwords of all Alpha lower case is not as secure as the current passwords policies our users are using. By enabling MFA, our clients and users are complaining about the strength of the App Password.
    Second, App Passwords that can be re-used are lessening the password security of user accounts. This allows users to copy/paste or write down the password to be used again and again.
    Suggestions.
    - Increase the complexity of the App Password (upper case,…

    169 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Enforce Microsoft Authenticator App Lock

    We would like to enforce the 'app lock' setting on the Microsoft Authenticator app to force users to either enter their device passcode or use biometric authentication before opening the app.

    This could be through an Intune app config or a built in setting.

    Currently if an unlocked device was compromised, the attacker would be able to circumvent account MFA security.

    169 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. Audit report showing encrypted messages sent

    Messages are encrypted automatically according to rules. However, there is no way to confirm for audit purposes that a message was actually encrypted.

    165 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    13 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  12. Mailbox Auditing enabled by default

    We would like to have mailbox auditing enabled by default for all mailboxes in Office 365. We should not have to manually enable for new users as they are added (via PS). Can we not have a way of enabling this for all mailboxes on the tenant?

    164 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Email notification of Quarantined Emails for Admins

    In addition to the below feature, quarantine should have an email notification for Admins (option or to be enabled) so that they can review and can release or delete accordingly via a link that is included in the email. Cannot rely on end user to release...

    ————-
    Share: Updated feature: Email quarantine capabilities

    165 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. More details in message trace (client type and message class)

    On on-prem exchange servers, there are valuable information that are showing what client was used to send a message or meeting (like AirSync or MOMT, etc.), and Message Class (like IPM.Note or IPM.Schedule.Meeting.Request, etc.).
    This has proven to be valuable in determining some mailflow issues and would also be valuable information in Office 365 message trace.
    Thank you.

    156 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add multiple wildcard options to message trace capabilities

    Please allow for the ability to use get-messagetrace in combination with multiple wildcard scenarios. For instance, if I want to see @.co.uk via a PowerShell query.

    Example script
    $mystart = (Get-Date).addhours(-72)
    $myend = Get-Date
    Get-MessageTrace -StartDate $mystart -EndDate $myend | where {$_.senderaddress -like "@.co.uk"}

    This information use to be available with the ForeFront for Exchange on-prem solution and is still available with the Exchange on-prem Get-MessageTrackingLog function currently.

    149 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  16. Custom Safety Tips

    We would really like to be able to raise a few custom Safety Tips on inbound messages.

    For starters, it would be great to raise a Safety Tip on every message originating from an external sender, i.e. every inbound message. A simple safety tip that read "Notice: This message was sent from outside our organization. Please use caution with links an attachments" would work wonders.

    Another Safety Tip, perhaps with a warning level, to flag messages that fail SPF checks would also help.

    The idea is to provide actionable information to message recipients so that they can make better decisions…

    146 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow attack simulator to record results on non Azure joined devices

    We are trying to run the attack simulator in a hybrid environment but noticed it only records the results of users who opened an attachment if their device is joined to Azure. We currently have our iPhones joined so that test works but since our laptops/desktops are not joined to Azure we are unable to see the results. This is also an issue when using OWA.

    148 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  18. Improve the flexibility of sensitive labels content markings

    We would like to have more formatting option when adding a header text like a left-aligned 10-inch margin.

    145 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow the ability to delete a retention label definition in S&C Center if 'Record' classification

    If you've created a retention label in the Security & Compliance Center and have checked the 'Use label to classify content as a "Record"' checkbox, I would like the ability to delete the label under certain circumstances. If I've never used it, it's not published in any policy, I should be able to delete it. I've set up several "test" labels with this checkbox checked and there is no way (either thru the UI or thru PowerShell) to delete the label definition. Example: if you create a retention label and select the 'record' checkbox, save it and then immediately try…

    143 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  20. Attack Simulator: Phishing Login server URL detected by common browsers (Chrome, Internet Explorer, Edge) as "Deceptive" or "Unsafe"

    When clicking on the link produced by the Spear Phishing attack simulator in https://protection.office.com/attacksimulator (Phishing Login server URL), common browsers like Chrome, Edge, or Internet Explorer detects the site as "Deceptive" or "Unsafe". This results to a failed simulation as no user will attempt to click on "visit this unsafe site". Even if the users click on the link, that of which is recorded, the test will always have a 0% Success Rate.

    Is there anyway that Microsoft can coordinate with the common browsers to "whitelist" all their Phishing Login server URLs?

    142 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →

    The core cred harvesting URLs in attack simulator are allow-listed in SmartScreen (the technology used in Explorer and Edge), so they shouldn’t be blocked with those browsers. Chrome is usually the biggest problem, and Microsoft has been unsuccessful in convincing Google that they should include our phish training URLs in their default allow-lists. Instructions on how to deploy a client policy that allow-lists the cred harvesting URLs for Chrome can be found here:
    https://support.google.com/chrome/a/answer/7532419?hl=en

    At the moment, the following URLs are included in the M365 Attack Simulator:
    http://portal.docdeliveryapp.com
    http://portal.docdeliveryapp.net
    http://portal.docstoreinternal.com
    http://portal.docstoreinternal.net
    http://portal.hardwarecheck.net
    http://portal.hrsupportint.com
    http://portal.payrolltooling.com
    http://portal.payrolltooling.net
    http://portal.prizegiveaway.net
    http://portal.prizesforall.com
    http://portal.salarytoolint.com
    http://portal.salarytoolint.net

  • Don't see your idea?

Feedback and Knowledge Base