Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Glitsch in the segregation of user database in GDPR

    : When i today was managing the assigned user for the GDPR compliance in https://servicetrust.microsoft.com/FrameworkDetailV2/35413bd5-7b88-4356-b78f-e009dfa2ca4f is swiftly saw the userdatabase of a different tenant than mine on something dentalhealthservices... it was only visible for a few seconds. But i think there could be something wrong with the segregation of tenants in office 365 service trust portal.

    The issue happened when i was clicking assign user and the screen that should have shown me my own user database. Instead i saw the other tenants user database for about 5 seconds, and it dissapeared again.

    I was not able to recorde the…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add Security & Compliance Category to Message Center

    Updates to the Security & Compliance Center should be announced in the Office 365 Message Center and there should be a category for them so that Admins can include/exclude them

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Export MFA user details like authentication method and mobile number used to verify account login.

    This would help the admin know the Method used to validate MFA enabled user accounts.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Administrators (or recipients) should be notified when emails are blocked within ATP like Phishing emails

    Valid emails can be blocked within these policies and the user does not get a notification - in some cases this can cause operational issues eg meeting confirmations. Either notify the admins or give the users a 'No Action' type notification so they can at least contact their admins to look at the details of the email and consider a release.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Extend mailflow rules options add action : forward original e-mail content to recipient, but with stripped attachments

    This is something that most anti-spam/virus security systems allow, but I cannot find a way to do this in exchange online.

    For example, by default I do not trust any zips, nor the scanning of them. But 5% of zips are valid ones.

    For the moment I can only send all ZIPs to quarantine and inform the recipient with a second command that they received "some kind of mail with a zip from someone".

    This is too vague, I would rather the system would still send a copy of the original mail content to the recipient, but strip the zip…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  6. Need better documentation and clarification

    The auto save feature went away on excel and word (perhaps others, but I don't use them often and did not notice). After a full hour and ten minutes with help chat, I figured out what happened. This is shameful on Microsofts part, it really is.

    When you go into Account> Options> Trust Center> Trust Center Settings> Privacy Options> Privacy Settings all options must be selected yes in the final box 'Connected Experiences" or there is no auto save and who knows what else.

    Such a sham, if you want auto save, (one feature of 365 touted as a big…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  7. ATP impersonation safety tips Customization with different color highlitenment

    ATP impersonation safety tips Customization option must be enabled with different color preferably RED, so that the users who receive the email will beaware that the email is not genuine/phish/spam.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Stop requiring login to see news

    We are tired of constantly logging in to see what's new and available to us.
    When a mail is sent to me, I have to login as an admin to see the content.
    Our tenant is heavily troubled with hackers.
    I had to search Google to find a way to stop it, and also I found several links to security sub-pages on the Azure portal that I did not know about.
    What about giving us the real news in the mail message, and also auto-add new config pages to the portal, we can always remove them later.
    It's frustrating to…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  10. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Better management tools for ATP Safe Attachments

    There is no way to manage emails that are currently undergoing an attachment scan in ATP. If that service goes down or experiences performance issues, there should be a way to administratively release these attachments.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. In change password page please provide some guidance text on success or fail

    In Office365 Change password page please add some guidance text when the operation of changing password was performed with success or with fail. It only have some guidance while typing the password (from javascript on client side) but there is now guidance after you slick Submit button. After submtit the page looks the same as first time you enter the page. I do not know if the change was performed with success and then to use the new password, or the change was failed and I should still use the old password.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. If Sending to multiple recipients, it would be nice of the tool tip still appeared at the top of the message.

    ATP Anti phising policy puts a neat Mailtip on top of the message for one recipient - if to many, it puts in the footer in plain text, right after our disclaimer. That is pretty worthless.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Audit event is generated in Azure Information Protection manually tagged one way but should be automatically tagged another

    At present using Office 365 labelling to automatically label an email or file will only work if the user has not tagged it. If the user tags the file manually but automatic classification should tag it as another, the manual process overrules.

    There is no audit event generated for this, so a user could attach credit card numbers into a document, classify it as public and send it out. There would be no event generated which said it contains credit card numbers, only that it was classified as public.

    It should either:
    a) Override the manual tagging and classify it…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow you to change the name of a rule after Preservation Lock

    Simply allow users to change the name of a rule setup after the preservation lock is setup. The purpose of Preservation Lock is to block you from making the rules less restrictive. Not to stop you from renaming the rule which is inconsequential.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  17. outbound malware report: dont count NDRs in this report

    outbound malware report triggers panic.

    NDRs of malware emails are showing up in the outbound malware report.

    NDRs probably shouldn't include the virus payload or else such NDRs shouldn't be shown in the outbound malware report.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Provide the option to decrypt emails on the client only

    In the Snowden incident, the government forced Lavabit to provide them with their SSL keys, in order to decrypt their traffic.

    For some clients in financing and government, this risk might not be acceptable.

    Therefore, it should be possible to have an additional encryption layer on top of SSL, where email are transferred to the client in an encrypted state an can only be decrypted by the client.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Dangerous behaviour of SPAM Whitelist

    If there are multiple senders in smtp-header, the spam whitelist is checking each of this senders, and if one is included, then the message is whitelisted. Sounds good.

    I have some pishing eMails received, that are whitelisted, because the faked Sender is in my whitelist.

    MAIL FROM: <wicked@spam.com>
    From: Display Name <good@wellknown.com> <wicked@spam.com>
    (no sender field)

    so, if i have <good@wellknown.com> in my whitelist, the mail would not be checked as spam. The mail however is sent from wicked@spam.com>. It would be displayed as
    Display Name <good@wellknown.com> in Outlook.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  20. test

    現状、Outlook on the web サービス以外の Microsoft Office 365 サービスを使用する場合、Skype for Business のプレゼンス情報が Office 365 のナビゲーション バーに表示されませんが、
    今後 Office 365 のすべてのサービスでプレゼンスが正しく表示させるか、すべてのサービスでプレゼンスを非表示にすることができるようにしたいです。

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base