Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Advanced Threat Protection (ATP) Whilelist - add wildcard support and/or extend the 320 character limit

    Advanced Threat Protection (ATP) Safe Links whitelist currently has a 320 character limit, and does not allow wildecards.

    Please either turn on wildcards for the urls or expand the 320 character limit to something much larger.

    193 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    13 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  2. Admin Notifications for Zero Hour Auto Purge (ZAP) actions.

    Need to have notification to Admins when ZAP takes an action on email.
    1) Need to know what was found and deleted
    2) Even more importantly, need to know what was found and WAS NOT deleted since it had already been read.

    176 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  3. Advanced Threat Protection Whitelist 2019

    ATP needs a way to whitelist inbound email (IP or domain) from being quarantined as malware. Back in 2016 this issue was resolved by adding exchange mail flow rules to add headers. However, this method no longer works, and Microsoft support (ticket 12611412) confirms that ATP filters before mail rules are applied, and there is no way to whitelist inbound IP's to bypass ATP malware filtering. The only options in the settings is based on recipient. In my case, I want to whitelist to allow a Security Awareness Training provider to send test emails to our users. ATP is incorrectly…

    131 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    14 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  4. safelinks whitelist domain with wildcard

    Safelinks currently requires you enter each url you'd like to allow through. I'd like to have safelinks allow a wildcard domain. for instance we get many emails from our own systems pointing to internal urls. sometimes those emails get distorted because the url's are listed in plain text and replaced with the safelink.

    I'd like to allow wildcard https://*.mydomain.com/* to allow domains such as web.mydomain.com/page and test.mydomain.com/stuff to go through with by making one simple rule vs theoretically hundreds.

    96 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  5. Block Office Files with Macro's

    We are getting numerous malware attacks with zero hour Office files containing malicious Macro's, these are often blocked within 60-90 minutes but some are still being received by users. The signature is changing regularly so they aren't picked up by your scanners despite the original virus being around 12 months old.

    We do educate the users not to open them and Macro's are disabled, but blocking the content at the gateway would be better.

    Some of this functionality was available in Forefront for Exchange.

    81 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  6. Advanced Threat Protection (ATP) - Allow to create custom malware alert notifications

    We need send a customized notification email message to recipients or administrators when a malware was detected by Safe Attachments.

    60 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  7. Advanced Threat Protection - SafeLinks - Create Submission Mechanism for False Positive Malicious Domains

    Advanced Threat Protection - SafeLinks - Create Submission Mechanism for False Positive Malicious Domains

    This idea would create a feedback / reporting mechanism for domains incorrectly tagged as malicious by the SafeLinks feature. We had an example of a partner domain that was tagged as malicious, had zero malware / good reputation / etc. (confirmed by Microsoft Support), and had no way to feed that information back into Microsoft for a review of the malicious domain list so it could be removed. Similar feedback mechanisms exist for false positive Spam and virus detections - URLs deserve the same treatment.

    57 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add recipient (TO:) on Malware notifications

    ΦSteps to reproduce
    ~Step 1:Set Notification when Malware is detected~
    1. In the Exchange admin center (EAC), navigate to Protection > Malware filter.
    2. Select the Default policy > Click the edit icon
    3. Click the Settings menu option. In the Administrator Notifications section, select the check boxes to Notify administrator about undelivered messages from internal senders and to Notify administrator about undelivered messages from external senders. Specify the email address.
    4. Click Save.

    ~ Step 2:Send a Malware mail~
    Access https://www.andymillar.co.uk/blog/2007/12/06/testing-your-email-virus-scanner-with-eicar/ and enter email into the box. Click Email Me EICAR!

    ~ Step 3:Admin receives the Malware notification as…

    56 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  9. Create a web form to submit malicious links for ATP SafeLinks

    Allow users to submit links for known malicious sites that can be flagged as such by ATP SafeLinks.

    After a recent phishing message that included a malicious link that was not flagged as such by SafeLinks, I opened a Premier case and sent the link, and Premier sent it on to engineering. A couple hours later it was blocked by Safe Links.

    There has to be a faster/more direct way to get malicious URLs blocked by SafeLinks!

    56 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    thinking about it  ·  1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  10. Return ZAP false postives to where they were foldered rather than Inbox

    When ZAP classifies a message it is moved to the junk folder. When false positives happen, these message are moved to the Inbox rather than the location it originally was before ZAP moved it to the Junk folder. This is very confusing for end-users because messages reappear in the Inbox after they have processed them (Accepted meeting invites [Deleted Items], Custom folders, etc). If ZAP, puts them back where it found them, this could be a seamless event for most end-users as it would go unnoticed (Foldered -> Junk -> Foldered; rather than Foldered -> Junk -> Inbox).

    37 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  11. XLSM file being flagged as Malware

    Prior to last week, we were able to send XLSM files within our organization without issue. Now xlsm files, not all, are being flagged as malware. I had a case open with Microsoft Support who had me change the file to an xlsx, which works but disabled the Macro's. We send this to people who may not be so tech saavy to rename files, and Executives in our organization.

    I would like to know why suddenly the file was blocked, why its being flagged as malware, and what we can do moving forward to prevent this. The data in the…

    32 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  12. Improve classification of "internal senders" in malware scanning

    I like that I can enable "Notify administrator about undelivered messages from internal senders" in the malware policy.

    I don't like that the malware detection engine has no idea if a sender is actually internal. It does simple domain-matching, which means that if someone is sending out malware and spoofing the sender address to pretend that it's from us, then I get notifications for days. Can't it at least do an SPF check?

    30 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  13. Whitelist domains for Advanced Threat Protection

    ATP needs a method for whitelisting domains because it can take a month or more for a false positive to get categorized and updated in ATP rulesets.

    You need to either give us a way to whitelist domains (so we can continue sending and receiving attachments), or you need to update definitions faster. I'm guessing adding whitelisting will be easier and more reliable.

    29 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow the option to forward emails caught my malware filter to quarantine for review. Allow the option to include the original attachment

    Title says it all. Allow us to redirect emails flagged by malware filter to the quarantine for review, and allow us to review the original email, including attachments.

    21 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  15. Common Attachment Types Filter

    It should be possible to make a dedicate Notification message for Common Attachment Types Filter. Now you can only use Notification Alert from Malware Detection Response feature. Now filtered file type send Notification Alert that Malware detected which is not the case. But file type blocked because our policy.

    19 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  16. 18 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  17. Common Attachment Types Filter mis-identifying the contents of .zip files as .jar

    The new Common Attachment Types Filter is a welcome addition to the anti-malware arsenal. The default configuration is supposed to block .jar files and allows .zip files. However, since they use the same encryption type, it misidentifies all .zip files as .jar files and blocks the message. Please add additional logic to distinguish between the two types, and allow .zip files that do not contain prohibited file types.
    (I submitted this as a bug to support, but they said it's Working As Designed, and suggested posting it to Uservoice.)

    15 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  18. Fix blocking of non-Java archives containing META-INF subdirectory

    .MUSX files, created by the Finale music notation application, contain a subdirectory named META-INF. From time to time, the Office 365 Exchange malware filter blocks them, falsely identifying them as .JAR files, which they aren't.

    14 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  19. Exchange Online Advanced Threat Protection Should Be Included

    Exchange Online Protection is a joke and does little to nothing to protect end users from malware infected files. MS touts Exchange Online as secure, but really it's not -- unless you pay more on top of what you're already paying for supposed security.

    12 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  20. Implement A Proper Quarantine Mailbox for Advanced Threat Protection's Safe Attachments

    We're seeing tons of mail get caught by the Safe Attachments feature in ATP and the experience is horrible. The only way to monitor blocked attachments right now is to hope that the user notifies you that their email is missing an attachment or utilize the "feature" that allows you to copy all blocked attachments to another mailbox. Usually I check that and it turns out to be a false positive, but guess what, I can't forward it on to my user because it'll block it again. Recipient-based filtering is a terrible option and the whitelisting capabilities are another sore…

    10 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base