Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Block logins from other countries

    It would improve security if we can restrict O365 logins to a specific geographic region. Or exclude specific countries if we identify major hacking attempts from those countries.

    3,549 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    197 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Azure Active Directory Conditional Access has functionality for “Countries/Regions” – see https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

    That said, the most effective protection you can have against password spray attacks is to enable MFA and disable basic authentication. If you cannot do this for your entire organization, then blocking user access to legacy protocols like POP, EWS, IMAP and SMTP is another step you can take. Exchange Online Client Access Rules can help you to further customize (https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules). For additional recommendations, please see Office 365 Secure Score.

    That said, please know that we are listening to feedback and working on solutions to help make Office 365 users more secure. Thank you for the feedback.

  2. Phishing attacks using Office 365 compromised Accounts/ ATP safe links not working

    Hello Microsoft ATP Team,

    This is to bring to your notice that spammers/phishers have started targeting Office 365 Tenants which creates a mail loop between Office 365 hosted domains and these emails are getting circulated through which accounts gets compromised. We had a lot of incidences happening in our environment, As these emails are getting generated from the actual account hosted in Office 365 the email are considered to be safe and lands in users Inbox. We have ATP safe links policy in place however its not performing the job as expected. ATP is a great feature but we request…

    606 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    31 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →

    ATP does not consider mails from other Office 365 tenants, or even mailboxes inside of your tenant, as safe. The best way to put a stop to this is to follow the recommendations in SecureScore for your tenant; and report phishing mails to us promptly. Also, make sure that the sender is not allowed either by the tenant configuration or the user safelist.

  3. Preservation Lock enable and disable with special permission or at least with Microsoft Support.

    Preservation Lock can be set so easily that if you click on the policy on the right it will give you the option of on and Off resulting in a lock that even Support can not remove. Either provide a secure way of enabling disabling to the user or at least give it to Microsoft Support to do it on Client's behalf.

    284 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. Ability to disable or enable Office365 Mail Protection

    I am not a fan of mail protection or its administration in a Hybrid environment and would prefer to use a mail-filter device.
    This is especially a pain due to the fact that legitimate messages are being sent to the Junk E-Mail folder by mail protection.

    257 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    try this instead  ·  13 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Give more detail on the TLS and Connector reports that are available in the Security and Compliance Centre

    Allow you to drill down and get more detail on the TLS report. For example, which domains are not using TLS, or which domains are only using TLS 1.0.

    246 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    21 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →

    1. Click into “details”.
    2. Choose “connector report”.
    3. Choose “request report”.
    4. Answer the questions in the wizard, clicking “Next”, “Next”, and “Save”.
    5. Wait for the report to come to the email address specified. It will contain the following fields:
    message_id, direction, sender_address, recipient_address, connector_name, connector_type, tls_version, tls_cipher

    With the Message_Id value, you can combine this with MessageTrace to get the Subject.

    If this does not help, please provide more information as to the scenario and detail that is missing. Thank you for the feedback!

  6. New function proporsal : Coping eDiscovery result to Discovery mailbox operation from S/C center.

    Operations from sc center that Copy eDiscovery search results to a discovery mailbox would be very useful.

    This operation is available only in Exchange Management Center.
    but we want to implement this operation in SC center too. Please consider this function.

    172 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    16 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →

    We now offer more simplified way to review content in Advanced eDiscovery. Please review documentation here:

    Review sets in Advanced eDiscovery (v2.0)

    https://docs.microsoft.com/en-us/microsoft-365/compliance/view-documents-in-review-set?view=o365-worldwide

    Note that the In-Place eDiscovery and Holds cmdlets in the EAC are now retired:

    https://docs.microsoft.com/en-us/microsoft-365/compliance/legacy-ediscovery-retirement?view=o365-worldwide

    We recommend considering the new review tool in Advanced eDiscovery.

  7. Attack Simulator: Phishing Login server URL detected by common browsers (Chrome, Internet Explorer, Edge) as "Deceptive" or "Unsafe"

    When clicking on the link produced by the Spear Phishing attack simulator in https://protection.office.com/attacksimulator (Phishing Login server URL), common browsers like Chrome, Edge, or Internet Explorer detects the site as "Deceptive" or "Unsafe". This results to a failed simulation as no user will attempt to click on "visit this unsafe site". Even if the users click on the link, that of which is recorded, the test will always have a 0% Success Rate.

    Is there anyway that Microsoft can coordinate with the common browsers to "whitelist" all their Phishing Login server URLs?

    142 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →

    The core cred harvesting URLs in attack simulator are allow-listed in SmartScreen (the technology used in Explorer and Edge), so they shouldn’t be blocked with those browsers. Chrome is usually the biggest problem, and Microsoft has been unsuccessful in convincing Google that they should include our phish training URLs in their default allow-lists. Instructions on how to deploy a client policy that allow-lists the cred harvesting URLs for Chrome can be found here:
    https://support.google.com/chrome/a/answer/7532419?hl=en

    At the moment, the following URLs are included in the M365 Attack Simulator:
    http://portal.docdeliveryapp.com
    http://portal.docdeliveryapp.net
    http://portal.docstoreinternal.com
    http://portal.docstoreinternal.net
    http://portal.hardwarecheck.net
    http://portal.hrsupportint.com
    http://portal.payrolltooling.com
    http://portal.payrolltooling.net
    http://portal.prizegiveaway.net
    http://portal.prizesforall.com
    http://portal.salarytoolint.com
    http://portal.salarytoolint.net

  8. Implement sensitive data ediscovery searches in Exchange Online

    Sensitive data searches for ediscovery currently work only in Sharepoint and One Drive. It also works for DLP in Exchange. This lack severely limits the usefulness of eDiscovery in Security and Compliance for Office 365.

    121 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow disabling of SPF checks

    As a user using both a dedicated security based ESP (Mimecast) with Office 365 Exchange, I have no need for many of the Office 365 security features.

    Most annoyingly is the fact that forwarding from my ESP fails the Office 365 SPF checks, because the sending domain doesn't match the IP range of the source any more.

    I wouldn't mind except Office 365 won't even allow me to disable SPF checking!

    This means a typical message is stamped with an SPF 'pass' from Mimecast and an SPF 'fail' from Office 365.

    This in turn could interfere with anti-spam rules within…

    115 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  10. Ability to perform eDiscovery collections for specific Outlook Folders

    I have a requirement from a large customer (85K users) that needs to be able to perform eDiscovery collections for specific Outlook folders. We can do date range and Full Mbx collections, but not specific folders. This was possible on-premises, but not in Exchange Online ????

    104 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  11. Threat Protection not scanning links within attachments

    Advanced Threat Protection is not blocking phishing links within attachments. These links are coming through in a higher frequency as pdf attachments which are scanned by ATP and in turn are allowed through because they are clean attachments, but the links embedded within these pdf files are going to phishing websites and people are clicking on them. ATP is not blocking these links. Please fix ASAP!!!

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. OneDrive Content search across Geos

    Currently, performing a content search of OneDrives across a multi-geo environment isn't possible, it only searches the default Geo, not satellite Geos. If you create a security compliance filter targeted at your satellite geo and put the eDiscovery person in the role, then they can search that satellite geo. Please update oneDrive content search to search across geos the same way that an Exchange mailbox search works, without requiring adding/removing them from security compliance filters. (This workaround was the result of working with Microsoft Premier support, so it's legit.)

    53 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  13. User based per-domain safe sender and blocked sender lists not functioning with EOP

    Having recently undertaken a support case regarding a user and their safe sender and blocked sender lists and it's interaction with EOP it would be useful if the per-domain aspect of these lists functioned as advertised.

    We have been advised by Microsoft Office 365 support that only per-user (email address) exceptions override the EOP content filter rules and not per-domain. This contradicts what is stated at https://technet.microsoft.com/EN-US/library/dn636911(v=exchg.150).aspx

    This states that:
    Outlook safe sender and blocked sender lists – When synchronized to the service, these lists will take precedence over spam filtering in the service. This lets users manage their own…

    43 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Bypass ZAP feature for some Senders

    Currently ZAP can be disabled for the entire Tenant or some recipients but there is no way to disable or bypass ZAP for some specific list of Senders.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Muhammad, thanks for the feedback. Zero-hour auto purge respects the Safe Senders list of the Anti-spam policy. If there are specific senders which you do not want ZAP to act on, you can configure them as safe senders.

    Note that we recommend admins to be cautious when adding safe senders for both mailflow and ZAP as it can cause a security issue should the sender become compromised.

  15. Actually allow the SPF record hard fail and NDR backscatter hard fail to actually initiate a hard fail.

    We received a blatant phishing attempt which should have been classified as spam as the headers easily showed that the message itself did not originate from the legitimate sender. After sending the headers to Microsoft Engineers they stated that sometimes the message will still come through even though the SPF record hard fail flag was enabled in EOP.

    If you are going to call something a hard fail, it should act as if it were a hard fail, blocking the message entirely.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →

    We highly recommend using DKIM and DMARC in addition to just SPF. That said, this may be best worked via a support ticket so individual messages can be analyzed. As mentioned, it is completely possible that the issue is because of a whitelist or rule.

  16. Supervision Policies

    Make Supervision Policies a standard feature for Education A1 subscriptions. I think this would be a unique and powerful selling point for Office 365 in schools, especially with the latest Offensive Language intelligent filter

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Communication Compliance  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow "or" logic in creating policies for email supervision

    Current logic in supervision policies is "and" logic. If you add more than one condition, all must be met. This means searching emails for a list of terms requires 2 policies - one for the message body and one for attachments. If looking for a specific list of works/phrases, it would make sense to look in BOTH locations - which requires OR logic as currently set.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Communication Compliance  ·  Flag idea as inappropriate…  ·  Admin →
  18. Use message header properties in email supervision policies

    I would like to exclude bulk mail from email supervision policies. Would it be possible to use some properties in the email header for policy conditions? In our initial testing, we're getting a large amount of newsletters and other bulk content.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Communication Compliance  ·  Flag idea as inappropriate…  ·  Admin →
  19. Provide support for Failover Smart Hosts

    Provide support in the connector routing interface to allow a priority to be assigned to Smart Hosts. This would allow for a failover situation between different providers. Similar to an MX record priority.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    try this instead  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. File plan CitationUrl length too small

    The max length for the CitationUrl field is 64 chars. This is way too small for a URL that will be referring to specific page. For example: https://www.gov.uk/government/publications/guide-to-the-general-data-protection-regulation. Please increase to 254 chars.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    thanks – the import file plan option is limited to 64 characters, but you should be able to edit file plan descriptors from the compliance center, from the create label wizard in the records management solution, and should be able to provide longer urls via that approach.

← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base