Office 365 Security & Compliance

← Customer Feedback for Microsoft Office 365

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

When an admin closes an idea you've voted on, you'll get your votes back from that idea.
You can remove your votes from an open idea you support.
To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".

Enter your idea

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

Improve message tracing in Exchange online

We have had a lot of issues with spam, whether its cryptovirus emails getting through, or good emails getting improperly blocked. Because of this, we need good message tracing (to find the emails), which we do not feel we have with exchange online. We would like to make the following suggestions:

1. Need to be able to trace further than 7 days back without a 4 hour wait per trace. Our previous message tracing system could go back the entire year nearly instantly, but we need at least 30 days without the 4 hour wait per trace. This was pitched as something that could replace our previous tracing system, and this does not do it.
2. UTC time is confusing in message tracing. It uses “AM and PM.” AM/PM in UTC time is ambigious since UTC time it used all over the world. So either use UTC, or fix the timezone to use our timezone automatically. It looks like very little effort was put into implementing message tracing if this made it past QA.
3. We would like more options in message tracing, especially completely basic fields like searching by subject. I would like to know how this was rolled out as an enterprise product without that a "subject" search field when tracing emails. Part of the reason it is so slow is probably because you have very few search fields to refine.
4. Overall speed improvements, even tracing back less than 7 days or less is slow (sometimes "spins" for several minutes", but more than 7 days is 4 hours+). We basically received a poorly formatted spreadsheet after 4 hours.

A premier case was opened for all of this, the features simply do not exist and its not a configuration issue. They did mention compliance center can help search for emails quicker, but does not trace.

We have had a lot of issues with spam, whether its cryptovirus emails getting through, or good emails getting improperly blocked. Because of this, we need good message tracing (to find the emails), which we do not feel we have with exchange online. We would like to make the following suggestions:

1. Need to be able to trace further than 7 days back without a 4 hour wait per trace. Our previous message tracing system could go back the entire year nearly instantly, but we need at least 30 days without the 4 hour wait per trace. This was pitched…
159 votes
Vote

Sign in
prestine

Your name

Your email address
Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

You have left! (?) (thinking…)
6 comments · Message Trace · Flag idea as inappropriate… · Delete… · Admin →

working on it · AdminO365 Compliance and Protection Feedback (Admin, Microsoft) responded

Thank you for taking the time to submit this feedback. Since there are multiple pieces and layers of feedback in this single post, it makes it more difficult than many to address. First, let us share a little about what we’ve been doing. Since this post was made, we have prioritized performance and reliability improvements for both Message Trace (inside 7 days) and Historical Search (typically outside of 7 days). We’ve added details to Message Trace that weren’t there before, decreasing the need to run Historical Searches inside of 7 days. For Historical Search, we have improved the results to be more clear for those who are not familiar with the Exchange Message Tracking log format. Additionally, while we get the total value of Message Trace, we’ve also prioritized reducing the constant need to search & destroy. We’ve made tremendous strides in effectiveness, even as the bad guys got more creative and aggressive. We’ve rolled out ZAP (which is the automatic version of ‘search and destroy’), and we’ve improved our compliance search capabilities. Hopefully you’ve noticed these investments.

But, we’re not finished. We’re working right now to address some of the complaints and confusion around the Message Trace admin experience itself. Our strategy is to continue adding more events to the Office 365 Graph API, and provide ways for larger customers to get at larger datasets faster. More than just providing you with raw data, we’re working on Security & Compliance features that reduce the effort involved and focus on specific tasks, like identifying which campaigns we’ve protected you from, and what suspicious activity you might want to beware of.

We also hear the feedback about improving subject based search, improving the retention time of Message Trace beyond 7 days, and continuing to improve performance. While we have nothing additional to communicate specifically in these areas at this time, we continue to welcome feedback and scenarios that helps us prioritize — know that we’re listening and we’ll continue working to improve these scenarios.
Thank you for taking the time to submit this feedback. Since there are multiple pieces and layers of feedback in this single post, it makes it more difficult than many to address. First, let us share a little about what we’ve been doing. Since this post was made, we have prioritized performance and reliability improvements for both Message Trace (inside 7 days) and Historical Search (typically outside of 7 days). We’ve added details to Message Trace that weren’t there before, decreasing the need to run Historical Searches inside of 7 days. For Historical Search, we have improved the results to be more clear for those who are not familiar with the Exchange Message Tracking log format. Additionally, while we get the total value of Message Trace, we’ve also prioritized reducing the constant need to search & destroy. We’ve made tremendous strides in effectiveness, even as the bad guys got more…
Disable TLS 1.0

At some point to maintain PCI compliance we will need to disable TLS 1.0. I have been told more than one time that we cannot disable TLS 1.0 now on our hybrid Exchange 2016 on-premise servers without losing functionality. We need a patch or update that would allow us to disable TLS 1.0 and still have full Exchange functionality.
15 votes
Vote

Sign in
prestine

Your name

Your email address
Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

You have left! (?) (thinking…)
1 comment · Advanced Security Management · Flag idea as inappropriate… · Delete… · Admin →

working on it · AdminO365 Compliance and Protection Feedback (Admin, Microsoft) responded

While it is likely that Office 365 will need to leave TLS 1.0 enabled broadly for the near future, we are rolling out TLS 1.2 by default which will allow us to publish updated guidance for Exchange on-premises. Please stay tuned to EHLO blog for further updates — several configuration changes will be necessary to ensure everything works smoothly.
Improve classification of "internal senders" in malware scanning

I like that I can enable "Notify administrator about undelivered messages from internal senders" in the malware policy.

I don't like that the malware detection engine has no idea if a sender is actually internal. It does simple domain-matching, which means that if someone is sending out malware and spoofing the sender address to pretend that it's from us, then I get notifications for days. Can't it at least do an SPF check?
25 votes
Vote

Sign in
prestine

Your name

Your email address
Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

You have left! (?) (thinking…)
6 comments · Malware · Flag idea as inappropriate… · Delete… · Admin →

working on it · AdminO365 Compliance and Protection Feedback (Admin, Microsoft) responded

We hope to have this one addressed within the next month or two.