Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow DLP rule exception for encrypted outbounds

    DLP rules do not allow an exception of the predicate "MessageTypeMatches" with the notify sender action. Doing so results in the error:
    One of the conditions you specified can't be used for rules where you want to notify the sender. Error details: The NotifySender action isn't compatible with 'MessageTypeMatches' predicate.
    I would like to trigger a rule on outbound matches unless the message is encrypted in order to enforce our internal policy compliance.

    441 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    16 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  2. DLP needs to be able to read OCR

    At the present time DLP is not able to read OCR documents, namely documents scanned to PDF. This is a GIANT, GAPING hole in terms of security. I have clients who have 100's of thousands of documents that contain sensitive information saved in OneDrive but no DLP policies can be applied to these documents, since DLP is not OCR aware. Please correct ASAP! Thanks!

    418 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  3. Enable Transport Rule action for Distribution Group

    In Exchange Online or EOP, We cannot create a transport rule with the action set to Distribution Group.

    It errors as follows :

    The transport rule can't be created because group@domain.com, the recipient to be added by a rule action, is a distribution group. Transport rules can't add distribution groups to messages. To resolve this error, remove this recipient and specify a different one.

    Since there are workarounds to resolve, Can this be fixed directly without any error.

    355 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    13 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  4. Ability to add company logo images globally to all user signatures

    The ability to add a company logo or image to a signature as an admin globally for all users would be nice. Currently the suggested solution to append a disclaimer isn't ideal as it always posts the image to the very bottom of the email, not the signature. This doesn't work for a back and forth conversation thread since it starts stacking the image at the bottom.

    198 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow replies from encrypted email with ome v2 to automatically decrypt

    Adding encryption ome v2 (encrypt-only) to outbound emails with sensitive data detection is easy enough. However when that email is opened by the recipient and replied to, the email comes in encrypted to the sender, who has to go thru the process to decrypt. There is an option in the EOP rule to "Remove Office 365 Message Encryption and right protection" however fails since the predicate must match "The sender is located?" "Inside the organization". This is no problem with ome v1 but is not working with ome v2. Need to add the capability to decrypt those messages automatically.

    145 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow labels to be used in DLP policies

    Recently classification labels were introduced in the Security & Compliance Center to help with retention of certain types of data classifications.

    We also have Azure Information Protection sensitivity labels (personal, public, internal, confidential, secret).

    DLP sensitive information types are good, but it would be even better if we could simply label groups of data as sensitive and apply DLP vs. trying to determine they are sensitive via the DLP sensitive information types. This would remove the complexity of trying to create custom sensitive information types when the out of the box types don't meet your needs.

    134 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  7. DLP workflow

    DLP workflow - currently there is effectively no DLP workflow. You can block emails from leaving by implementing a DLP policy, but you cannot create a workflow where items violating DLP are routed to a DLP admin team who review it, and can then take further action (review, release, escalate etc). This is pretty bread and butter stuff, and we have had to abandon using 365 DLP (we are using Mailguard for this instead) because it simply can't do what we and our customers need. DLP is not a simple "yes / no" - we've received hundreds of false positives…

    132 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    11 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add centralized company signature with mail flow rule (in a new/reply/forward email)

    I think is a good idea to add company email signature at the end of the email with the mail flow rule.
    At the moment this thing is possible but when I reply or I forward an email, my signature appear at the end of all email not at the end of my message,

    121 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  9. Policy Tip Support for Rules with Sender/Domain Filtering

    Currently, Policy Tip actions are not supported when creating a DLP rule that has sender or domain filtering criteria.

    The error message states "The NotifySender action isn't compatible with 'RecipientDomainIs' predicate."

    We'd like to see this action supported so we can configure our rules based on our business requirements.

    109 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  10. add option to create a transport rule to send an automatic reply/response to a sender emailing a recipient in the organisation.

    need an option to send an automatic reply/response to any sender emailing a specific recipient in the organisation via a transport rule. the option is available in Exchange 2013 so should be possible in Office 365. a rule from the mailbox is not suitable as this will only send the response once to each sender. the mailbox is not monitored so customers should be sent an acknowledgement email to confirm that their email has been received.

    103 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  11. Provide watermark capability for sharepoint online libraries

    SharePoint online and One drive for business is positioned to be used for collaboration with 3rd parties . Features like RMS provide the security for collaboration. In addition, I would like to see if Microsoft can provide the ability to watermark documents ( word, ppt, exchange attachments, excel etc) to maintain the integrity of documents that are shared outside the organization. In particular, if a library or folder is slated for sharing , I would like to have the option to enforce preselected watermarks ( for example :user id, corporate, brand or some id) across all pages of the document…

    90 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  12. Policy tips don't work in Outlook for some types of policy

    The documentation on policy tips states that the following tips are not currently supported in Outlook 2013 and beyond:

    We're currently working on support for showing policy tips for additional conditions. These include:

    Any email attachment's content could not be scanned
    Any email attachment's content didn't complete scanning
    Attachment file extension is
    Attachment is password protected
    Document property is
    Recipient domain is
    Sender IP address is

    Support for these tips needs to be added, as this makes the policy much less useful (for example, you can't set an "advisory" policy that attachments shouldn't be sent outside the domain as there…

    83 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  13. Exclude email accounts from DLP policies

    We would like to setup a DLP policy to prevent emails being sent containing NI/SSN information, with the option for users to override. However, we use Zendesk for client tickets which, when picked up in the policy, the override is seen by Zendesk as a auto-response and suspends the ticket.

    We tried to exclude email accounts related to Zendesk but it appears the options were only visible because we were setup for First Release content and the ability to exclude emails should not be possible.

    Please could this be added so that specific email accounts can be excluded from the…

    80 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  14. Create DLP Policy Based on Sensitivity Label

    Create a DLP Policy where you can add the Sensitive Label on it because currently, only Sensitive info type and Retention Label can be added

    79 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  15. dlp report

    We need to improve reporting for violations on DLP on exchange. We need to extract a detailed report containing information related to the source of the violation. For example, if the violation comes from exchange email we need source email and destination.

    76 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable language support for Policy Tips in DLP/Security & Compliance

    Need the possibility to have Policy Tips for DLP rules in multiple languages when created in Office 365 Security & Compliance (as you can do in Exchange Online Admin). The policy tip should match the language you have in Office. Now it's mixed with the static text in the Policy Tip and the custom text you have entered in the rule

    65 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  17. Introduce customisation to built in DLP rules (or allow exceptions to existing rules)

    We use DLP on email to assist in our PCI compliance. As an online payments provider, we often provide dummy credit card information to help our customers set up their APIs (typically 4444 3333 2222 1111). Unfortunately, despite this not being a valid card number, it triggers Microsoft's built in "Credit Card" definition resulting in 100s of false positives per week. We need to have this hard coded as an exception to the "Credit Card" definition, or, better yet, allow definitions to be customised and/or excluded from via. the Admin portal.

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →

    As stan mentions below, this level of customization is certainly possible. There are many other tweaks you can perform based on your specific requirements. For example, you can only look for multiple cards together, or other identifying information like expiration dates. Please review the documentation and work with support as needed.

  18. Please change the disclaimer option!

    If we add disclaimer and having email conversation means, disclaimer is adding multiple times in the bottom of the email. It should add bottom of each email.

    59 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  19. Modify Subject Line

    I have a transport rule to prepend EXTERNAL to the subject line when the message comes from Outside of the Organization.

    If I reply to that message, I would like to remove the EXTERNAL from the subject line.

    I can only see options to prepend or append but am interested in a way to remove what I put into the subject line so that our external customers do not see that designation in the subject.
    Maybe some sort of regular expression?

    I could just put a message line in the body of the message, but removing the word EXTERNAL from…

    58 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  20. Transport Rules to Modify Email Display Names for External Email

    We want to be able to modify how external email displays in Outlook as a further step to combat phishing\spear phishing. Right now we can append text like external email to the subject or body of the message. Our InfoSec teams want us to be able to have the header read:
    Smith, John (COP-DAY) when its from our internal senders (traditional display name)
    But when its from someone external to our organization read:
    john.smith@externaldomain.com with NO display name or potentially false\spam\impersonated display name next to it to fool a user that isnt paying attention. Right now with Outlook 2016 it…

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 10 11
  • Don't see your idea?

Feedback and Knowledge Base