Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Force Modern Authentication

    The powershell command Set-OrganizationConfig -OAuth2ClientProfileEnabled $true enabled Modern Authentication methods for Exchange Online, allowing the ability to create Conditional Access Policies, which can require domain joined devices or MFA, etc. Unfortunately legacy Outlook clients just bypass this policy by falling back to legacy authentication.

    There is currently no way to REQUIRE modern authentication without using ADFS. We would like this feature!

    136 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Increase security for MFA App Passwords – ‘flaw in security’

    There are a few security issues with App Passwords while using MFA. The security around App Passwords needs to be strengthened.
    First, App Passwords of all Alpha lower case is not as secure as the current passwords policies our users are using. By enabling MFA, our clients and users are complaining about the strength of the App Password.
    Second, App Passwords that can be re-used are lessening the password security of user accounts. This allows users to copy/paste or write down the password to be used again and again.
    Suggestions.
    - Increase the complexity of the App Password (upper case,…

    132 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. More details in message trace (client type and message class)

    On on-prem exchange servers, there are valuable information that are showing what client was used to send a message or meeting (like AirSync or MOMT, etc.), and Message Class (like IPM.Note or IPM.Schedule.Meeting.Request, etc.).
    This has proven to be valuable in determining some mailflow issues and would also be valuable information in Office 365 message trace.
    Thank you.

    129 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  4. Increase Message Trace Limits

    Increase Message Trace limits from 5000 and 3000 (for detailed traces). Either increase the limits by default or allow a certain number of traces that include larger numbers of messages.

    Certain organizations rely heavily on running message traces for all of their messages.

    It is a requirement for our client to be able to trace all of their messages with detailed information and it's a clumsy solution to have to create a trace for every day out of the past 90 days (which they must do because they send and receive more than 3000 messages within a couple of days).

    130 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  5. Please offer command to purge emails from "recover delete" using content search

    Currently the "softdelete command when used like this: example
    "New-ComplianceSearchAction -SearchName "Remove Phishing Message" -Purge -PurgeType SoftDelete"
    Will send message to recover delete. I would like there to be there a Harddelete" to send them straight to purge so the user can not accidentally recover a phishing email and click on it.
    Please advise

    130 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  6. The PDF reader doesn't work with View Permissions and IRM enabled

    IRM and PDF support in office 365 is virtually non existent, Microsoft needs a native PDF application which supports IRM, and the current solutions to use Foxit or NitroPDF don't work when you attempt to give a user view rights with IRM enabled - which totally defeats the purpose

    130 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. Security & Compliance Center PowerShell - ADAL Support for MFA

    PowerShell for Security & Compliance Center Needs ADAL Support, as right now it uses the Exchange connector to the Basic auth endpoint. Exchange Online PowerShell has an ADAL client now, where's the one for Security & Compliance Center?

    123 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. EMS Suite Licensing should be free for Government Tenants

    Government IT shops are an entirely different beast than from your typical commercial customer.

    An IT shop can range in size from 2-3 staff for a small city or 100s or 1,000s for a large city/county/state. Regardless of size in terms of staff or budget, ALL of us have an identical regulatory responsibility.

    Protecting critical infrastructure and services our citizens depend on isn't an optional activity. Why are the necessary tools contained in the EMS licensing suites not made available to Government entities free of charge? These are critical tools which must be utilized in order to best protect the…

    120 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. Enable geofencing in Office365

    Enabling geofencing will be a good option to prevent access from different parts of the world.

    118 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow labels to be used in DLP policies

    Recently classification labels were introduced in the Security & Compliance Center to help with retention of certain types of data classifications.

    We also have Azure Information Protection sensitivity labels (personal, public, internal, confidential, secret).

    DLP sensitive information types are good, but it would be even better if we could simply label groups of data as sensitive and apply DLP vs. trying to determine they are sensitive via the DLP sensitive information types. This would remove the complexity of trying to create custom sensitive information types when the out of the box types don't meet your needs.

    118 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  11. Option to preserve contents of SharePoint recycle bins when a site is placed on hold

    Currently when a SharePoint site / OneDrive for Business is placed on hold items already in the recycle bins (site and site collection) are not preserved. Since the content of recycle bins can be technically recovered legal teams have advised that the contents of recycle bins needs to be preserved.

    This would also be consistent with Exchange Online where an in place hold does preserve the contents for the Dumpster.

    117 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add centralized company signature with mail flow rule (in a new/reply/forward email)

    I think is a good idea to add company email signature at the end of the email with the mail flow rule.
    At the moment this thing is possible but when I reply or I forward an email, my signature appear at the end of all email not at the end of my message,

    114 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  13. Prevent users from bypassing in-place hold for OneDrive for Business

    In Place Holds in SharePoint Online use the search function to identify items that are on hold. Users have the possibility to disable search for their OneDrive for Business:
    Select Site Settings -> Site Libraries and Lists, then select the Documents Library, select Advanced Settings, set Allow items from this document library to appear in search results = No

    Testing shows that disabling search bypasses litigation hold allowing users to delete items without preservation.

    Users should not be able to bypass in-place holds. A possible solution would be to prevent users from disabling search when their OneDrive is placed on…

    113 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow us to extract the unified audit logs more than 90 days ago

    Allow us to extract the unified audit logs more than 90 days ago

    I think that many large enterprises have this desire in security policy.

    109 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Quarantine notifications, but no release functionalility

    Quarantine notifications, but no release functionality.
    We have currently setup the Spam quarantine notification messages for our employees. When they receive such an alert message, the users are able to release the captured messages. We would like to have the Quarantine alerts message to stay in place, but want to prevent end-users to release the messages. We want to force a 'second opinion' flow in between, to delegate this task to the Hygiene administrators. In such a configuration employees shouldn't be able to open the Quarantine URL either. Unfortunately we see some users are not able to see the difference…

    109 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow replies from encrypted email with ome v2 to automatically decrypt

    Adding encryption ome v2 (encrypt-only) to outbound emails with sensitive data detection is easy enough. However when that email is opened by the recipient and replied to, the email comes in encrypted to the sender, who has to go thru the process to decrypt. There is an option in the EOP rule to "Remove Office 365 Message Encryption and right protection" however fails since the predicate must match "The sender is located?" "Inside the organization". This is no problem with ome v1 but is not working with ome v2. Need to add the capability to decrypt those messages automatically.

    106 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add ability to send the One-Time Passcode via SMS and NOT by e-mail

    Office 365 Message Encryption can be leveraged in case of a delegated inbox scenario. If an encrypted message is sent to a person who's inbox is delegated e.g. to a secretary the delegated has the ability to request a one-time passcode to the delegated inbox and so full access on the OME protected message can be gained.

    This scenario could be avoided by sending the one-time passcode using SMS because then the delegated has no access to the one-time passcode.

    105 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  18. Add download option to the Forwarding Report

    The recent addition of Mail Flow insights to the Security & Compliance centre is helpful. But the FORWARDING REPORT is missing the facility to DOWNLOAD the data, or to schedule the creation of a report on FORWARDING.

    Can you please look at the option to either allow the data to be downloaded, or for a report to be created/scheduled.

    Thanks

    104 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow disabling of SPF checks

    As a user using both a dedicated security based ESP (Mimecast) with Office 365 Exchange, I have no need for many of the Office 365 security features.

    Most annoyingly is the fact that forwarding from my ESP fails the Office 365 SPF checks, because the sending domain doesn't match the IP range of the source any more.

    I wouldn't mind except Office 365 won't even allow me to disable SPF checking!

    This means a typical message is stamped with an SPF 'pass' from Mimecast and an SPF 'fail' from Office 365.

    This in turn could interfere with anti-spam rules within…

    103 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Policy Tip Support for Rules with Sender/Domain Filtering

    Currently, Policy Tip actions are not supported when creating a DLP rule that has sender or domain filtering criteria.

    The error message states "The NotifySender action isn't compatible with 'RecipientDomainIs' predicate."

    We'd like to see this action supported so we can configure our rules based on our business requirements.

    103 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base