Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Suspicious Login Reports and Alerts

    Microsoft needs to include FREE reporting and alerts to paying office 365 subscribers. Apparently the azure reports that would be useful to office 365 subscribers require a paid subscription (according to the 2 tickets I put in with azure support)
    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-view-access-usage-reports.

    The office 365 audit log is a mess and doesn't give a clear picture of all suspicious activity for all users at a glance, e.g. logins from multiple geographies.

    Ideally, admins would be able to get alerts based on suspicious activity. We've had several users accounts get hacked and we've had no idea. People were logging in from…

    157 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
    • Audit report showing encrypted messages sent

      Messages are encrypted automatically according to rules. However, there is no way to confirm for audit purposes that a message was actually encrypted.

      100 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        11 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
      • incident

        Fix ATP Threat Explorer Incident Reporting

        We would like to use ATP Threat Explorer to mitigate phishing messages coming into our environment. The incident reporting does not build confidence in the tool. As an example I recently used it to hard delete 6 messages from our environment. The incident report did not give data for two full days. When it did, it reported status "Failed". However, looking at the report details, all six messages show hard delete status "Success", with no failures. Accurate and timely reporting of incident results will build confidence in the ATP Threat Explorer tool.

        63 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          2 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
        • Make secure score available to partners

          As a Partner I have access to the tenant of my clients. I'm not able to see the score of my clients tenant and check easily what changes need to be done and discuss this with my clients.
          I can only do this when I have an separate admin account of the clients tenant.
          Now with the integration of secure score into the compliance center shows a widget of the score but not the actions that needs to be taken. Please integrate the full secure score

          56 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            4 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
          • Retention Labels - Time Left - Report all files with label

            Hi,

            Would it be possible to have a report system or dahsboard, which would report on Time left of the retention period for all items or even just files that have a particualar label applied that the user has created.

            For example. A calculated column that shows the item, location, retention/deletion, time remaining before it happens, based on whether it was, either labeled, created, last modifed. (hope it makes sence)

            Currently you have to use the 'content search' area [search and investigation] and do the calculations there within excel on any given report.

            see the post here for some more…

            37 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              6 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
            • Allow adding metadata fields to pending disposition reports

              Pending disposition and completed disposition reports are lacking metadata required to be captured by Government organisations for all disposed documents. Can we have the following metadata fields available in all disposition reports exported from Office 365:
              • Unique identifier (document ID number)
              • File name
              • Date created
              • Creator/Author
              • Date last modified
              • Last modified by
              • Date of disposal
              • Disposal label
              • Disposed by

              It would be even better if system admins could add/remove metadata fields from all disposition reports.

              Unfortunately, until these fields become available in Office 365 disposition reports, document disposal won’t meet the…

              30 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
              • Optimize Mail Protection Reports for Excel 2016

                Could you please optimize Mail Protection Reports for Excel 2016 ?
                When I tried to install it, I get the notification that I must have Excel 2013 installed.

                30 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  3 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                • Message encryption audit log reporting

                  We need an audit log that will detail every message that came in and out and whether it was send using TLS or not. Ideally, the audit log would contain the following fields:
                  Message ID, TLS or SMTP, timestamp, sender, recipient, subject

                  25 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    3 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                  • Provide uptime report per tenant to meet auditor demands

                    Currently uptime reporting for O365 is only available as a quarterly global percentage. This does not reflect the uptime of our specific tenant, so we want to have an uptime report at the level of our specific tenant.

                    For important business solutions on SharePoint Online, we have a requirement to be able to report the uptime of that solution, since we need to guarantee a certain level of availability. The global quarterly uptime report doesn't provide this, since it is only a high-level average.
                    The global uptime doesn't mean that our specific tenant had that same uptime. Depending on the…

                    24 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      2 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                    • quarantine reports showing duplicate entries

                      Quarantine reports on threat management showing duplicate email. When searching it via sender email address it show correct email. There's a bug when viewing the list and it increase the number of items due to duplication.

                      19 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                      • Real-time Logging within Auditing

                        Audit logs in the security & compliance center are not populated or refreshed in real-time. Waiting for the audit logs to populate which could take up to 24 hours makes it ineffective with delayed data in order to track down issues/user activity/attacks/etc.

                        14 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                        • Public folders in Top sender and recipients report

                          Hi,

                          In the top sender and recipients report we notices the top sender is a public folder on our account.

                          After researching via message trace we saw a lot of HierarchySyncs between public folders. This is causing the public folder to be top sender.

                          It's not an actual mail that is being send but more a sync or ping.

                          I don't see a reason why these pings and syncs should be in the top sender report.

                          13 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                          • Add Site/Library/Folder filter to Dispositions Dashboard

                            The new Dispositions dashboard is a great addition to the Compliance Centre. At the moment though you can only filter by date range and label.

                            It would be really useful to have the ability to filter the dashboard further so that you can return, for example, all items that are eligible for disposition within a specific document library or folder.

                            When you extract the dashboard as a report to Excel currently, you are provided with the filepath to the item in the excel report so presumably it would be possible to use this information directly in the dashboard to make…

                            12 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                            • End User Notification for Retention Policies

                              Looking for end user notification when data governance deletion policies are applied to content. A visual indication within document similar to SharePoint on premises information management policy banner. It states that a policy is applied to the content, describes the policy (for example: A retention policy of deletion ten years after the last modified date has been applied to this content.) and indicates when the policy is met (for example: Expires on 8/21/2027).

                              12 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                              • Include HASH of malware in the mail protection reports

                                Include HASH of malware in the mail protection reports because the malware name (in the protection report) belongs to the anti virus company and it changes for different Anti Virus companies but the HASH does not change.

                                12 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                                • top sender filtering options

                                  I would like to see a update made to the filtering of the Top Send report in the Security and Compliance Center.
                                  Admins should be able to filter out such user accounts as Public Folder Mailboxes. This mailbox sends out transparent alerts from the Primary Hierarchy to the Secondary mail boxes. Because this is happening so frequently, this will always make the mailbox the top sender; not giving the admin a true reading of who the top sender is for the organization.

                                  11 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                                  • report the last time a distribution list was used

                                    I see the email usage reports but these reports are only for mailbox users. I would like the reports to include things like the last time a distribution list sent or received an email. Similarly a shared mailbox.

                                    11 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Make Office 365 Audit Log Report more effective and workable

                                      The audit log report is now very basic as it shows Date and Time,User, Action, Detail with a Detail which is an unreadable and unprocessable portion of text hiding more information. The report can be much improved by providing structured relevant information, so that it can be further processed more easily.

                                      9 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        4 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Update O365 Secure Score reports to new Azure AD Portal

                                        In the Office 365 Secure Score report, several of the "Reports" that are suggested to review still point to the old Azure AD portal. I know there is an effort underway to move the Azure AD functionality to the new Azure AD portal, but wasn't sure if these links were missed. Is there at least an equivalent report to manually review? Examples include "Sign-ins after multiple failures report"

                                        9 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Daily quarantine report - More flexible options

                                          The daily quarantine report needs to be more functional with the following options an administrator can set:

                                          1. Send repeated reports and frequency. Once a day, twice a day, etc. with time to set
                                          2. Send quarantine report email as soon as a new message appears
                                          3. In the quarantine report email show new and old quarantine emails

                                          9 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4
                                          • Don't see your idea?

                                          Feedback and Knowledge Base