Office 365 Security & Compliance
Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!
How it works
◾ Check out the ideas others have suggested and vote on your favorites
◾ If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾ Include one suggestion per post
Thanks for joining our community and helping improve these features in Office 365!
Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.
-
Phishing attacks using Office 365 compromised Accounts/ ATP safe links not working
Hello Microsoft ATP Team,
This is to bring to your notice that spammers/phishers have started targeting Office 365 Tenants, which creates a mail loop between Office 365 hosted domains, and these emails are getting circulated, through which accounts get compromised. We had a lot of incidents happening in our environment. As these emails are getting generated from the actual account hosted in Office 365, the emails are considered to be safe and land in users' Inbox. We have an ATP safe links policy in place; however, it's not performing the job as expected. ATP is a great feature but we request…
625 votes
ATP does not consider mails from other Office 365 tenants, or even mailboxes inside of your tenant, as safe. The best way to put a stop to this is to follow the recommendations in SecureScore for your tenant; and report phishing mails to us promptly. Also, make sure that the sender is not allowed either by the tenant configuration or the user safelist.
-
Ability to disable or enable Office365 Mail Protection
I am not a fan of mail protection or its administration in a Hybrid environment and would prefer to use a mail-filter device.
This is especially a pain due to the fact that legitimate messages are being sent to the Junk E-Mail folder by mail protection.
265 votes
-
Allow disabling of SPF checks
As a user using both a dedicated security-based ESP (Mimecast) with Office 365 Exchange, I have no need for many of the Office 365 security features.
Most annoying is the fact that forwarding from my ESP fails the Office 365 SPF checks, because the sending domain doesn't match the IP range of the source any more.
I wouldn't mind except Office 365 won't even allow me to disable SPF checking!
This means a typical message is stamped with an SPF 'pass' from Mimecast and an SPF 'fail' from Office 365.
This in turn could interfere with anti-spam rules within…
131 votes
When you have another service scanning in front of Office 365, the proper thing to do is disable the Office 365 scanning altogether and (optionally) respect the verdict from the prior system. Once you do that, even with the SPF header, the mails will not go to the users’ junk folders.
-
Threat Protection not scanning links within attachments
Advanced Threat Protection is not blocking phishing links within attachments. These links are coming through at a higher frequency as PDF attachments, which are scanned by ATP and in turn are allowed through because they are clean attachments, but the links embedded within these PDF files are going to phishing websites and people are clicking on them. ATP is not blocking these links. Please fix ASAP!!!
64 votes
Please report all spam, malware, URL, etc. issues in Submissions Explorer: https://docs.microsoft.com/en-us/office365/securitycompliance/admin-submission
-
User based per-domain safe sender and blocked sender lists not functioning with EOP
Having recently undertaken a support case regarding a user and their safe sender and blocked sender lists and its interaction with EOP, it would be useful if the per-domain aspect of these lists functioned as advertised.
We have been advised by Microsoft Office 365 support that only per-user (email address) exceptions override the EOP content filter rules and not per-domain. This contradicts what is stated at https://technet.microsoft.com/EN-US/library/dn636911(v=exchg.150).aspx
This states that:
Outlook safe sender and blocked sender lists – When synchronized to the service, these lists will take precedence over spam filtering in the service. This lets users manage their own…
47 votes
Refer to “Domains on the Outlook Safe Senders list aren’t recognized by Exchange Online or Exchange Online Protection” at https://support.microsoft.com/en-us/kb/3019657. All other Outlook safe sender and blocked sender lists’ iterations of safe senders, blocked senders and blocked domains are supported. For Safe Domains, the article lists solutions both for EOP Standalone and as part of Exchange Online.
-
Bypass ZAP feature for some Senders
Currently ZAP can be disabled for the entire Tenant or some recipients but there is no way to disable or bypass ZAP for some specific list of Senders.
26 votes
Hi Muhammad, thanks for the feedback. Zero-hour auto purge respects the Safe Senders list of the Anti-spam policy. If there are specific senders which you do not want ZAP to act on, you can configure them as safe senders.
Note that we recommend admins to be cautious when adding safe senders for both mailflow and ZAP as it can cause a security issue should the sender become compromised.
-
Actually allow the SPF record hard fail and NDR backscatter hard fail to actually initiate a hard fail.
We received a blatant phishing attempt which should have been classified as spam as the headers easily showed that the message itself did not originate from the legitimate sender. After sending the headers to Microsoft Engineers they stated that sometimes the message will still come through even though the SPF record hard fail flag was enabled in EOP.
If you are going to call something a hard fail, it should act as if it were a hard fail, blocking the message entirely.
23 votes
We highly recommend using DKIM and DMARC in addition to just SPF. That said, this may be best worked via a support ticket so individual messages can be analyzed. As mentioned, it is completely possible that the issue is because of a whitelist or rule.