Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. UI: please add an export button at the end of the controls

    Please add another "Export to Excel" button at the end of the controls page.
    It usually makes me first scrolling down - recognizing that the button is not there - and scrolling all the way back to the top. Just doublicate the button!
    Thanks!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  2. Update DLP rules to close Document Versioning loophole

    A file that passes the DLP rules can still contain visible Sensitive information in a previous version of the file. This directly bypasses the intended behaviour of the whole DLP system (to restrict access to sensitive information).

    One of the primary ways to unlock a DLP locked file is to update the file to remove the sensitive information. By doing so the DLP flag will be removed and file access by other users restored. Currently, this actually exposes the sensitive information contained in the file because these other users can easily view the sensitive information via the version history of…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  3. Compliance Center Issues

    I have been doing a lot of testing with Search in the Compliance Center against OD4B sites in SPO. We are a very large origination (55,000+ users) and currently have over 24,000 OD4B sites. The admin center in the Compliance Center is limited but does work as advertised to some extent. I can search and retrieve the first 200 items for preview. It is a bummer that the preview or entire results from the query can't be exported here. That led me to move to PowerShell using the Compliance Center commandlets. I am very disappointed in it's current function. I…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  4. separate sending IP addresses for tenants

    It would be nice to have separate sending IP addresses for every different tenant. This way SFP rules won't assume that email from compromised O365 tenants are safe.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Can you add Malaysia Passport Number as part of the DLP template offering?

    Can you add Malaysia Passport Number as part of the DLP template offering?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  6. Differing Status Views in Office 365 Admin Quarantine

    The 'new' admin quarantine page (to be switched over in October 2018) appears not to show status of quarantine emails. In the old view, I put in a user in the recipient field and up comes 3 emails spam or otherwise. Status reports they have been released, so if there is any question, I can say, yes, it has been released. However, on the new quarantine page view, when putting the same user in the recipient field, nothing is listed. Could this be enabled please?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow more than a single transport rule for OME

    Recently, I created a DLP Transport Rule for Office 365 using the US Financial Data Services as a template and the transport rule action was to Apply Office 365 Message Encryption.

    Prior to implementing this transport rule I had a simple OME policy of encryption e-mails with a high priority that were sent outside my organization.

    After spending some time trying to figure out why this Transport Rule (and corresponding action) was not working, I have learned that having more than one Transport Rule using OME is not permitted.

    I see this as a shortcoming - as using an encryption…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  8. No alert for PII email with blank subject line

    There is no alert in Security and Compliance for an email containing PII with a blank subject. User notification and policy tip work.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  9. A locked policy can be increased or extended, but it can't be reduced or turned off. This is very bad! allows changes, but not the history

    The retention policy lock should be able to be changed! The forever unchanged is the history of content and should be backup in a separated location. Right now, if the retention policy includes SharePoint, the sharepoint site admin not even can delete the lib/list etc. This is dumb. The retention should smart enough to backup the delete files and without interrupt the users.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. AIR (preview) add warning banner to actions approval

    Currently AIR might find that normal links to Facebook or LinkedIn company pages are malicious, and consequently suggest in an investigation to delete any mail with such links. It's currently too easy to just approve 5-7 suggested actions of a suspect malicious mail - and perhaps delete 1 million legit mail in the process.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. The operation log of the audit log cannot be confirmed in detail

    The operation log of content search is confirmed in the audit log.
    However, although it is output as a search result, I would like to check in detail, such as "Administrator A confirmed the email received at User A's 8/1 11:11".
    ----

    コンテンツ検索の操作ログを、監査ログにて確認しています。
    しかし、検索結果としては出力されますが、「管理者 A がユーザー A の8/1 11:11 に受信したメールを確認した」のように細かく確認したいです。

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  12. Centralised way to clear user's suggestions

    Suggestions can only be cleared by users selecting the X next to the suggestion.

    Provide O365 admin the ability to clear a user's suggestions or a collection of users (domain or tenancy).

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow searching of second level malware family without adding top malware family as search item

    The threat explorer allows to search for malware families. You need to enter either the top-level Malware Family or top-level+second-level malware family. This makes searching for malware, without knowing the exact top level family very difficult.

    Example : Searching for "DDE".
    In order to find all malware related to DDE you need to include "O97M" (top malware) in the search for DDEDownloader.C

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  14. To warn users not to use To and CC when sending email to multiple customers due to PDPA

    There's no DLP rule to prompt user of a shared mailbox not to use "To" and "CC" field but to use BCC. This is for situation where user of a shared mailbox wants to send promotional and announcements information to customers but don't want to reveal the customers' email addresses due to PDPA.

    It'd be very helpful if it prompts (warning message) to user not to use To and CC but to use BCC field instead when sending email to multiple recipients such as customers.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  15. quarantined email disappeared

    As administrator, I checked/selected SOME quarantined emails and deleted them. It deleted ALL quarantined emails even if they weren't checked!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Audit log for Office365 licensing is not available

    If someone (global admin) add any subscription to the tenant, we should be audit such events. Ticket #:10552042

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  17. No e-mails should be delievered from 8pm to 7am, unless there is an emergency.

    “No e-mails should send out between 8pm – 7 am, unless there is an emergency. In other words, we can draft e-mails, send them, however e-mails should be delivered after 7 am, unless there is an emergency”
    Can this rule be implemented?
    Please confirm

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  18. Ability to whitelist 3rd party anti-phish reporting tools

    Although the malware filters are working as expected, some companies I have worked for use third party tools (i.e. PhishMe or PhishGuru) to mitigate Phishing and Spam emails.

    These tools come with Outlook Add-in's for users to submit emails that did not get blocked originally. Since the malicious email made it through to the users mailbox, by the time they submit to such a service, the email gets blocked by the Malware filter now, recognized the malicious and therefore it goes unreported or in our case the user gets an email from EOP station that the message was rejected as…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  19. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. SOX audit report for PWA

    Develop a report at field level in PWA to support SOX auditing. Fields related to Budget, time approval and Forecast.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base