Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Advanced Threat Protection Whitelist

    Current Advanced Threat Protection (ATP) scans all non-standard attachments sent, even internally sent emails. This means it could take 30min to receive the a PDF file or scan the from the person in the office next to you. We need a way to create a white-lists and or transport rules for ATP in the same way their is for the spam filter. Either that or speed up the ATP process so it doesn't take so long.

    213 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    59 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →

    Please understand that ATP feature is actually detonating the attachment in a sandbox. As such, we believe that the protections offered by ATP are worth a few extra minutes. We believe that the worst performance issues with ATP are understood and are being addressed. That said, we also now have more features that will allow you the flexibility to decide what to do when it takes longer than you’d like. The documentation is still being updated, but you can check out the session from Ignite here:
    https://myignite.microsoft.com/videos/1339. There are several other sessions on this topic as well.

    For the ultimate in flexibility, you may also consider creating an Exchange Transport Rule that adds the header X-MS-Exchange-Organization-SkipSafeAttachmentProcessing to value of 1 under certain criteria. This will essentially disable ATP safe attachment scanning for rules which meet the criteria.

    For safe links, the header is X-MS-Exchange-Organization-SkipSafeLinksProcessing.

  2. Provide a real time report showing users that are currently blocked from sending external mail by EOP (i.e. are on the blocked sender list)

    With thousands of mailboxes we are constantly getting accounts blocked by Exchange Online Protection (EOP) because they have been phished. Once we reset the user password, we have varying levels of success getting them removed from the EOP blocked senders list when we open a support request in our tenant portal. We already receive email notifications when a user gets added to the block list but when we attempt to get them removed, we have no way to verify that they were removed from the list unless we wait for them to try to send an external email. We would…

    62 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Block Dangerous Extensions Found Inside .ZIP Files (Like Gmail does by default)

    One of the common ways malware gets distributed in through zip files that have dangerous files within them (Dangerous Extensions include: ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh.). This was/is a very common vector for the notorious crypto-locker virus as well as other malware. Currently, with transport rules, you can block "executable content" (as defined by Microsoft) and you can manually block file extensions of your choice,…

    25 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →

    Update: This feature is currently being deployed worldwide.

    Later this quarter, you’ll be able to easily select an option to filter common malicious attachment types. This will include items which are inside of a non-password-protected archive file as well. While some administrators will still opt to filter using more complex rules, this will be an easy option for administrators who would rather just block everything. See: https://blogs.office.com/2016/01/14/leading-the-way-in-the-fight-against-dangerous-email-threats/ for more information on this upcoming feature.

  4. Deliver SPAM to Inbox with a Prepended Subject Line

    Whitelisted domains and addresses still send junk email (SCL 5+). These emails must be delivered to the inbox to insure they are not missed, but should also have the subject lined modified so they user is warned that it’s SPAM. This will insure the delivery of email from important clients and warn the user so they can stay safe. Here is an example:

    We need to Whitelist the domains of our good clients to insure delivery. We also need to insure all emails sent to our NewJob@company.com distribution group, which new and existing clients use to send us new jobs,…

    20 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →

    Take a look at Safety Tips feature which rolled out last year. If this doesn’t help address your concerns, feel free to open a new item with a different title — the current title implies that pre-pend subject line feature isn’t available — which it is.

  5. I would request the development team to look into the possibility of excluding any spoofed email as the internal sender by your antimalware

    I would request the development team to look into the possibility of excluding any spoofed email address as the internal sender address by your antimalware engine while notifying the administrator.

    7 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  6. Differentiate Bulk Email from High Confidence SPAM

    If you elect to treat bulk email as SPAM it is also classified as high confidence SPAM, which limits the actions that can be taken on other high confidence SPAM. For example, we would prefer to have bulk email subject prepended with [Bulk] and sent to junk folder and have other high confidence spam sent to quarantine or some other action.

    5 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →

    This is possible as the latest updates to the new Security & Compliance Center roll out in the next few weeks. In addition to different actions for bulk, we’ve also added action for phish as well.

    In the meantime, you can also accomplish this with a Transport rule by looking at the header which contains the BCL verdict.

  • Don't see your idea?

Feedback and Knowledge Base