Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. DO NOT TAMPER WITH MY E MIALS PLEASE. IF NI SEND THEM TO JUNK DO YOUR JOB THERE

    DONT WANT YOU TO GET INVOLVED IN MY E MAILS AND THE CONCEPT OF ENCRYTION IS NOT NEEDED FOR ME .
    I A SK YOU TO HOST MY E MIALS AND DONT TAMPER WITH THEM

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  2. Fix false-positive on Block Extensions Transport Rule - Attached email Subject line ending with .com

    We have noticed a bug in the case where an email subject ends in .com (eg. This is a test@microsoft.com), and a user attaches that email (as an attachment on a new message). If there is a Transport Rule set up to block emails by file extension and it includes the .com extension - it will block the email based on the attachment even though .com is not the file extension (it's actually .msg).

    To recreate the problem in Office 365:

    Using Outlook or OWA:
    1. Send yourself an email with the subject line "this is a test@test.com" …

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  3. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  4. unwarranted interference on your part

    I am a person, not an organization, and I cannot understand why you have blocked postings by Arts & Letters Daily, a responsible and respected clearing house of ideas. How do I counteract this?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Your Multi factor authentication is a joke.

    For MFA in Office 365 it generates and app password that then needs to be used the outlook client, phone tablet connections. It is the type of PSW that needs to be printed out because it is too complicated to remember. Give the user and option to change it to as memorable passphrase not some random generation of letters. Now i feel more insecure since I have to print out the passwrd and keep it somewhere

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Office encripted email forward failure

    Whenever I receive a one-time code for encrypted email the message fails to forward and returns this error:

    Technical details of the failure:
    5.7.1 Unauthenticated email from microsoft.com is not accepted due to
    5.7.1 domain's DMARC policy. Please contact the administrator of
    5.7.1 microsoft.com domain if this was a legitimate mail. Please visit
    5.7.1 https://support.google.com/mail/answer/2451690 to learn about the
    5.7.1 DMARC initiative. p21-v6si188132ejx.67 - gsmtp

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Birthday Party | kitty party- make every moment special

    Rihansh Eve N Planner plan budget-friendly kid's birthday party and kitty party in lucknow, Plan ahead. Make a budget. Make your own decorations. Host an at-home party, and get an inexpensive venue. Set a time that isn't around meals. Aim for a budget-friendly theme party decor in. visit:- https://medium.com/@rihanshevenplanners/birthday-party-kitty-party-make-every-moment-special-d1e841c9a158

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Publishing sensitivity labels to O365 groups or DLs doesn't work

    Sensitivity label policies are not getting published when a security group or distribution list is selected as the target. On saving the policy, it shows as "Published to: None".

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  10. Missing checkbox - "Include versions for SharePoint Documents" cited in several Microsoft Resource Documents

    Several articles below refer to a checkbox option that appears to have been removed causing confusion among several customers. I haven't been able to determine if I am not triggering the box to appear properly or if the documentation is outdated and checkbox option has been removed:

    What I have tested so far that instructions recommend to make checkbox available:
    1. Verified Versioning feature is enabled for SharePoint documents. (see below: "if your organization tracks versions")
    2. Added specific SharePoint and OneDrive sites using "Choose specific sites to search" option. Also tried the "Search all sites" option to Include all…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  11. Can we please have an email notification fairly quickly that an email that is pending is "Delayed" rather than 48 before NDR

    Can we please have an email notification (to the user) fairly quickly that an email that is pending is "Delayed" rather than the user having to wait 48 before getting an NDR. Currently, the user assumes the email has been sent but it's too late.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  12. Hoping you will consider to include in DLP to detect sensitive or confidential data on protected documents or password protected .zip,.rar..

    Hoping you will consider to include in DLP to detect sensitive or confidential data on protected documents or password protected compressed file/s

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow to edit Notification FROM address

    currently users get a generic email from Outlook Online or something like that if they violate some DLP or other Policy can we please be allowed to brand and customize that so that ours could say something like PrivacyOffice@MyCompany.com or DLP-Violation@myCompany.com

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Outlook - restrict direct file access while allowing to print attachments in OWA!

    for security reasons we do not want to allow users to access the local hard drive at all but still be able to print attachments they receive in OWA.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. have ActorIpAddress be searched in addition to clientipaddress when using the search-unifiedauditlog -ipaddress filter

    have ActorIpAddress be searched in addition to clientipaddress when using the search-unifiedauditlog -ipaddress filter

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Import Whitelist and Blacklist

    We recently moved to Office 365 to my regret. The spam and malware protection is third rate at best and I've been working/fighting with MS on it for months now. It would be great if there was a way to import a csv file with the thousands of white listed addresses from my previous (competent) provider instead of this whole copying, pasting then hitting the + symbol.

    Also, it would be great if the white list actually kept mail from going into the quarantine, but honesty, that might be beyond your abilities at this point.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Remove exchange mailbox from active sync device after a user is terminated

    Administrators need to have the right to remove the employee Exchange Mailbox from the active sync device they are using without wiping it. This feature was available in Exchange 2010 and now in Exchange 365 it is gone.

    This is important for business data security.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Uploaded pst into Microsoft SAS are removed if no import job are created

    All uploads to the Microsoft SAS are removed after 30 days if no import job are created. It would have been better to remove the uploads that are 30 days older rather than removing everything from the SAS.

    It will allow us to retrieve all recent pst without re-uploading them again.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Show only the users' quarantined mail, not the whole tenants + Outlook plug-in/add-on

    We have a tenant that includes multiple divisions and has over 17,000 users. Therefore, when a user goes into the quarantine to release a mail they see all of the quarantined messages, not just there's. It would be awesome if it only showed the emails relevant to the user.
    What would be better is if this functionality was added into Outlook so that users could see their quarantine.
    Advanced functionality of this seems to be in demand when looking at the other posts, so if a persons' assistant could also see their Quarantine, then that would be great. Just like…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Como puedo validar el uso del correo (por capacidad) de los usuarios en correos de entrada y salida de forma independiente.

    Como puedo validar el uso del correo (por capacidad) de los usuarios en correos de entrada y salida de forma independiente.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base