Please add DNSSEC support for managed domains in Office 365 business (enterprise) plans

https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/13415532-dnssec-support-in-office-365

Please grant Partners the ability to access the Security and Compliance Center through the Partner Admin portal.

Under Classifications, a label created and marked as Record cannot be later changed or, more importantly, deleted by any administrator. As an admin can remove a document from bearing the status of record, they should therefore be able to delete a label with Record status. The combination of Record and Delete after 'x' years is very dangerous - not to mention a department may update their requirements in time.

The below is too great a restriction and renders the retention policy useless.

Groups selection confirmation

The specified groups will be expanded so that an In-Place Hold can be put on the mailboxes in these groups. Only the mailboxes that are currently members of these groups will be placed on hold. Mailboxes added to or removed from these groups won't be added or removed from this hold. After setting the group for the location, the new member changes for this group will not auto apply to this location settings. Do you want to expand these groups?

I have scripted out the entire eDiscovery process in E3 eDiscovery which allowed us to save time and money, and repeat searches with minor variations very easily. With Advanced eDiscovery, I am unable to do so. Please add powershell scripting support (or provide the documentation) so we can streamline our collection and export processes.

Retention Policies for Office 365 Groups currently treat all resources the same (i.e. Exchange and SharePoint). We need the ability to configure email items to delete after X years, but not delete documents stored on SharePoint.

Currently users with the ediscovery role can run search for content and download that content. Using the New-ComplianceSearchAction -purge -softdelete you can delete this content (which we use for deleting spam or malware emails out of mailboxes). We do not want our security operations team to use powershell to complete these deletes so we have to write a gui to provide this functionality. Please enable the ability to complete deletes within the SCC itself

please enable tls 1.3 support.
This will improve rtt times and improve privacy.

A keyword limit of 20 terms has recently been instituted in the Compliance Center eDiscovery searches. This limit is far too low and should be returned to an unlimited number of keywords (or at least a much higher limit like 100 keywords). This is negatively impacting the ability to do more complex searches in the Compliance Center.

currently any files protected with AIP encryption are unsearchable for eDiscovery. Please make these files able to be indexed and therefore searchable for ediscovery purposes.

Provide a mechanism to programmatically download the eDiscovery exports in Azure back to on-premise. Powershell cmdlets or command line parameters to existing eDiscovery download tool would suffice.

OME and AIP Encrypted documents stored in O365 data sources should be decrypted at export with Microsoft eDiscovery for compliance purposes

Access and Release quarantine messages of shared mailboxes that end-users belong to.

This will enable Self-Service capabilities that Protection.Office.com currently provides to own mailboxes.

Its useful for users having full access to the Shared mailbox to be able to manage their quarantine as well.

With notifications Off, this is a useful feature.

At some point to maintain PCI compliance we will need to disable TLS 1.0. I have been told more than one time that we cannot disable TLS 1.0 now on our hybrid Exchange 2016 on-premise servers without losing functionality. We need a patch or update that would allow us to disable TLS 1.0 and still have full Exchange functionality.

I like that I can enable "Notify administrator about undelivered messages from internal senders" in the malware policy.

I don't like that the malware detection engine has no idea if a sender is actually internal. It does simple domain-matching, which means that if someone is sending out malware and spoofing the sender address to pretend that it's from us, then I get notifications for days. Can't it at least do an SPF check?

Currently reviewers can be individual users, distribution or security groups, or Office 365 groups.

In many mid-size companies there isn't resources to have dedicated people to this.

It would be preferable to have the document owner receive an email notification that they have content to review, and decide next step.

We should have a feature where we can apply a default "Sensitivity Label" to all documents in a SharePoint Site Library or OneDrive irrespective of content. e,g, classify all documents in a SharePoint Library as "INTERNAL" irrespective of Content.

It would be nice to be able to remove TLS 1.0 from our current environments and be able to use our online services such as Skype for Business. Currently, we are unable to connect back to Skype after disabling TLS 1.0 in our environment. Is there a timeline for these changes?