Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Tisax

    Can you obtain a TISAX (Trusted Information Security Assessment Exchange) certification? European automakers are requesting this certification and using Office 365 makes it difficult to comply.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  2. Security and Compliance center not allowing me to save notes and updating itself after did enable the actions required

    Security and Compliance center not allowing me to save notes and updating itself after did enable the actions required. It cause my score as well. I've generated ticket for the same but they told me to raise this issue here. And may I know the ETA for the same. Waiting for your response.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  3. To allow DUO MFA with the Attack Simulator in Security and Compliance

    To add DUO MFA as an acceptable MFA option to run the Attack Simulator in Security and Compliance

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  4. When using Sharepoint lists, sync'd through OneDrive on Mac, ALL deleted items go into Trash

    When using Sharepoint lists, sync'd through OneDrive on a Mac, ALL deleted items, no matter what the permission level in SharePoint, are sync'd to all user's local Mac Trash bins. This causes potential compliance breaches with users being able to access confidential information. According to MS support this is a 'feature' and cannot be disabled. I suggest that there be an option to disable this.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  5. Sensitivity Label settings should be separate for emails and documents

    Settings should be adjusted in the Sensitivity Label policy to have separate settings for emails and for documents. There is currently only one setting to require a label for both documents and emails.

    There should be two separate configurations - one to ask if labels should be required on documents (and what default label should be applied). Another should ask if labels should be required on emails (and what default label should be applied).

    During initial rollout, the first focus is on having users label their files, and pushback will be received when all users have to change the label…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  6. Compliance score actions aren't able to be completed when its an Automatically Monitored action

    We're looking to follow some improvements as guided from the Microsoft Compliance Score. As an example: Improvement actions -- Allow Mailbox Delegation Only When Authorized. I understand the requirement, and have run PowerShell scripts to get data, and I'm satisfied that all the current delegates are Authorised. However, as this is an automated test, there does not appear to be anywhere where I can acknowledge this as complete or acceptable etc? And so the score remains unaccounted for? Is there a way to update this and other Automatically Monitored actions?

    When they are not Automatically Monitored actions, there is an…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  7. Office Online Archive - Set exemption for Calendar, Tasks, Flagged item

    Once you enable online archive for user mailbox, all items (mails, tasks, calendar, flagged mails, Notes) in mailbox are getting moved to online archive. Once Task, Calendar or flagged items are moved to Online Archive, it doesn't appear in to do list/bar or User doesn't receive any reminder for such tasks.
    Pl provide a filter while creating Archiving policy to exclude such items. If we can apply such a policy to specific users that would be great.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add CIS Benchmark for O365 & Azure to Compliance Manager Templates

    Please can you add the CIS Benchmark Template for O365 & Azure in the Compliance Manager.

    Thanks!

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  9. Enable the Alert Policy to capture the user logon activity

    Audit Log Search -> New Alert Policy
    The option "User Signed in mailbox" doesn't work.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  10. Fix Supervision add-in (Supervisory Review v2) for Webmail

    The Supervisory add in within webmail is broken since the latest updates were done. The add-in was a really good feature that allowed compliance admins to perform supervision via webmail in case there are more then one supervision rules. The outlook version doesn't work better then the webmail version as it requires to create a new profile per supervision rule. Doesnt suit in case an organization has many supervision rules. Would really hope if this could be fixed soon.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  11. compliance manager

    GDPR - "Statement of Applicability"

    I'd like to see a statement similar to what we are familiar with in ISO27K - addressing which controls are excluded from Annex A.

    With regards to GDPR I'd rather go for which Articles are not covered and why. Otherwise there will be endless discussions for completeness.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  12. Compliance manger needs localisation -- german

    Compliance manger needs localisation -- german and referal to german DSGVO terms

    legally you cannot expect from german non certified lawyers to "translate" e.g. must into have to or shall or maybe etc.
    So I would expect Microsoft to do this and match it against local DSGVO laws incl. German regulations

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. Need to add DFARs to this.

    Please add DFARs compliance score to this tool.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  14. To have a separate domain whitelist for Sharepoint and Onedrive

    There are situations where Admins will want to restrict Onedrive sharing to within a set of domains while selective sites in Sharepoint to have the ability to share out to more.

    This is current not possible and a compromise has to be made for this compliance requirement.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  15. Additional compliance standards

    Additional compliance controls could be added (ie, ISO20000, CMMI, etc) that can be self managed but could be a hub for all compliance activities. For those of us having to comply with multiple standards it's difficult to split assessments and management across multiple tools.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  16. We would like to request improvement in the behavior of Internet explorer 11 where [sensitivity labels] is not displayed.

    We have confirmed that [sensitivity labels] does not appear on IE 11 in multiple environments.
    Therefore, we request that you improve the behavior of not being able to display "sensitivity labels" in IE 11.

    <日本語訳>
    複数環境にて、IE 11 で [秘密度ラベル] が表示されない動作を確認しております。
    そのため、IE 11 で [秘密度ラベル] が表示されない動作の改善を要望します。

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  17. Enabling MDM to work with Pattern unlock mode on mobile devices.

    Enabling MDM to work with Pattern unlock mode on mobile devices as it does with fingerprint. not sure if it works with facial recognition but that is a thought as well. Improve MDM's security with today's technology.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow In-Place Archive mailboxes to be deployed automatically for new users

    There is no option in the Set-MailboxPlan to enable In-Place Archive Mailbox for new users by default.
    By enabling an option to do so in Set-MailboxPlan or adding a function to allow organization-wide setting for enabling In-Place Archive, it saves admin's time and work.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow for the creation of a custom sensitity type with Finger Printing in the security and compliance centre.

    Allow for the easy creation of a custom sensitity type with Finger Printing (like in Exchange Online) in the security and compliance centre. When DLP engines are merged, allow AIP to use "finger printed" sensitivity types as a condition for recommend or auto classification

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  20. Support PIM Roles

    Transition management of S&C access/roles based on Azure PIM roles to better support access management and auditing.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base