Office 365 Security & Compliance
We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.
Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!
How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post
Thanks for joining our community and helping improve these features in Office 365!
Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.
-
Allow Admins to rename DLP Policy Names
Allow Admins to rename DLP Policy Names
Once a DLP Policy is created, the name is grayed out.
This means that a change of name will imply creating a new complex DLP Policy whereas, allowing a name change will save a lot of time and effort in creating a new policy due to a name change.78 votes -
Push DLPRuleMatch INFO when Policy Tip is shown (outlook online)
When a user gets a policy tip that their email contains sensitive data, they aren't allowed to send the email until they remove the data.
In this scenario the management api doesnt get notified that this event ever occured and can't tell that a user was blocked from working.Would like the send button press to be detected and to send a rulematch event to the management api.
69 votes -
Ability to view the data that triggered the DLP rule(s) inside the alerts in Security and Compliance center
Ability to view the data that triggered the DLP rule(s) inside the alerts in Security and Compliance center
When you create an alert policy for any DLP rules that are triggered, the alert itself does not show what original data triggered the alert.
It would be nice to have a hyperlink to the offending email/file(s) instead on having to rely on alternative means to find the data.
63 votes -
DLP Template for POPI Act - South Africa
Develop a DLP Template for compliance with POPIA (Protection Of Personal Information Act)
46 votes -
Report an issue button on Onedrive not triggering false positive event
From onedrive or sharepoint on the web. Sensitive data is blocked by dlp policy. I click into the policy tip, I click 'Report an Issue', issue is reported.
I see no evidence of it in the logs or protection.office dashboards. I checked DLP.All content and sharepoint content, 'DlpInfo' event should be sent to the logs, but I dont see them.
40 votes -
Allow DLP Policy/Rule name changes
When you name a DLP policy or rule within a DLP policy the name is no longer editable. It would save a lot of time and effort if we could change the name of the policy/rule after it is created rather than having to create the entire policy/rule again. Having to recreate a policy/rule just because we need to rename it, is not only inefficient, it introduces the opportunity for errors in the recreation.
26 votes -
Intelligent External Email Tagging
Currently the system blindly applies an “[External]” tag to an email subject and a notification in the message body. If the email is forwarded or replied to only internal email addresses, the message is again tagged as external, repetitively causing tagged to be applied, resulting a perpetual situation like this with the subject:
[External] RE: [External] RE: [External] Message SubjectThis is for a message that was originally from an external source that got replied to internally multiple times. At this point it is an internal email, but an "[External]" tag is incorrectly applied. The best way to defeat…
20 votes -
DLP - apply redaction as an action
Office 365 deals in data yet it is missing a vital function, data redaction. Most issues would never rear their ugly head if content was redacted. DLP can force content to not be downloaded among other functions, but there needs to be an action of redacting. Auto redact the content in question as an "action" that can take place in the system. If you have started adding this to Discovery holds, this needs to be a preventative in DLP. "Companies" know their system of record and where data is to be placed. "Users" usually have issues applying this,---this is where…
18 votes -
Exact Data Matching with Custom Sensitive Information Types: Raise maximum instance count from 100 to 500
The current maximum instance count for Exact Data Matching is 100. I understand this is for performance reasons, and this makes sense. This is also a setting that cannot be changed.
In the healthcare industry we need to send secure encrypted emails of medical record numbers and social security numbers to many insurance companies and authorized healthcare business associates. Many insurance companies require the format to me in an email, and they prevent the use of other technologies like OneDrive.
We have a policy with our previous DLP system (Symantec/Vontu) which allows more than 100 instances per email, but we…
16 votes -
DLP exported report must include recipient's email ID
When we download DLP reports from the DLP portal, it doesn't contain the recipient mail ID in the excel. This limitation makes the existing DLP a weak solution, since Business heads will need the recipient mail ID in excel sheet to decide if the DLP incident is genuine or a false positive.
The recipient mail ID will be in the incident mail triggered, but not having it in the consolidated report exported makes it of less scalable and of less use.
10 votes -
policy tips
DLP policy tips taking too long to be displayed.
30-50s mentioned in the official article is too long for an email, can we improve the response time and have the policy tips to be displayed timely?
10 votes -
Real-time detection and isolation of MCAS
MCA takes up to 12 hours to quarantine a file, so it should be improved to real-time detection.
In particular, I would like the detection process when files are uploaded to SPO, etc. to be as fast as Office365DLP.7 votes -
Move all DLP functionality from Exchange Online to microsoft 365 compliance
Move all DLP functionality from Exchange Online to microsoft 365 compliance
Currently only some functionality appears in the DLP section of Microsoft 365 compliance portal vs what is available under exchange online.
Eg. Conditions when building DLP rules and Actions to be taken if a rule is triggered vastly differs in exchange online vs the new microsoft 365 compliance
7 votes -
Redact sensitive information from DLP API Data
Sending DLP API data to a Splunk Server and would like to be able to redact sensitive information (eg:credit card numbers) from the logs.
7 votes -
DLP Quarantine needed for administrators
It would be nice to have a Email DLP quarantine that not only makes it easier for admins to view false positives, but release the blocked email if it is a false positive or is justified to send ASAP by the admins.
6 votes -
We would like to add recipients detail in DLP report and generate the report on daily basis.
We would like to add recipients detail in DLP report and generate the report on daily basis.
5 votes -
send user notification without email attached in Data Loss Prevention
enable sending an alert to the user that his email is blocked without the original email attached
5 votes -
Allow exclusion of SharePoint subsites for O365 DLP
You can only add DLP exclusions for SharePoint at the TopLevelSite and are unable to exclude any SharePoint Sub-Sites. This would allow more granular exclusion capabilities with O365 DLP
5 votes -
Add button to DLP policy to re-index/rescan files
We have noticed that when we make changes to a policy, it goes back and rescans everything in the location that the policy is applied to. Those rescans/re-indexes seem to create alerts in the tool as well as send admin alerts. This creates unnecessary overhead, confusion for the end user, and skews the metrics we collect.
We would like to see the product changed to be able to have a choice to rescan/re-index when policy is changed. Perhaps there could be a checkbox on the final page before saving changes that asks the user if they would like to rescan…
5 votes -
Add domian exception for SharePoint and Teams channel in DLP policy settings
Enabling domain as an exception for SharePoint and Teams channel for DLP policy
4 votes
- Don't see your idea?