Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Notification of Sensitivity Label Changes

    Send email notification to the author of a document who has applied a sensitivity label, when the label changes.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Message Encryption Not ready for *********

    Their are various issues with message Encryption that I'd like to report: This is using Encryption when IRM is setup and you choose to encrypt the message through Outlook - Options - Permission- Encrypt Only


    1. When sending a encrypted message to an internal recipient (same O365 domain) the user is sent in a loop unable to view the document. You click on the message in the Outlook client and it opens up a browser to view it in Outlook Online. When In outlook online it states you you can only view the message in the Outlook client.


    2. You can not…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Hope there will be more Audit Log about email issue

    Hope there will be more Audit Log about email issue. (Last time i tried to find log about "Email forward setting" but failed

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Group Email id (distribution list)

    When ever we are creating new email id it should have the option of adding automatically to the particular Group Email id (distribution list) and the option should be available for the normal distribution group.

    Option should be available for normal distribution group can be converted to dynamic distribution group?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  5. Generate audit log entries for Bookings Application

    Although the Bookings Application seems to use a Scheduling Mailbox in Exchange (auditing disabled by default) activities do not appear to leave a footprint except confirmation emails. MS Tech Support have confirmed that there is no audit logging available for the Bookings applications. Please generate events in audit log for all activities to ensure customer interactions can be appropriately investigated as/when required. We've already encountered reports of double-bookings with no ability to investigate what happened.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Audit reports delete log entries are using userid and groupid.

    There is no way to get a listing of userid and users or group ids and group names. Either consistently user login user names and group names OR provide a means to relate userids to users and groupids to group names.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. would like to mark any messages inbound and outbound with 80+ messages as SPAM and allow them the option to select which messages are allowe

    I´d like mark any messages inbound and outbound with 80+ recipients as SPAM and allow them the option to select which messages are allowed to be delivered with 80+ recipients and which are not.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  8. MS Stream - Default change to share option

    Alter the current default section of share with 'everyone in the business' to 'only me' to avoid employees accidentally sharing personal and/or sensitive data with the entire organisation.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  9. provide easy method to submit suspicious files for in-depth checking

    I've had a heavily obfuscated macro/word doc passed onto me via outlook (nothing stopped me downloading the file to onedrive!), it would help if we could submit suspicious files so you can improve malware/virus detection. and suitable notifications for both the user and Office 365 admins.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. O365 mailboxes audit log is missing alot of essential data

    O365 audit log is only showing the real IP from which a certain mailbox was accessed, this is not helpful and not enough at all, as usually users are accessing internet via PAT real IPs, so it is totally misleading whenever there is any need for a sure piece of information, so at least we need to know the virtual IP, Machine name and the mac address from which any mailbox was being accessed, as real IPs are telling nothing.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Office 365 does not warn that the password has 7 days to complete.

    Office 365 does not warn that the password has 7 days to complete.The warning window says it's coming but there's no warning. I have 30 users and it gives no warning.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  12. We need to know the IP address of the user who makes a rule on his mailbox

    We need to know the IP address of the user who made the rule on a user mailbox since this action is usually triggered by an abuser who compromised a user mailbox

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Security / Compliance Center Junk E-mail IP block does not appear in Show Detailed Table

    Security / Compliance Center Junk E-mail IP block does not appear in Show Detailed Table

    セキュリティ/コンプライアンスセンター迷惑メールの IP ブロックが、 [詳細な表の表示] に表示されない

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  14. Access to CRM should be controllable through Intune (MDM) or, better, like Exchange does.

    Access to CRM should be controllable through Intune (MDM) or, perhaps even better, like Exchange does.

    We need to monitor and controll which devices are allowed for using CRM, and we want to force password and lock-time settings when installing the CRM app.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. How about you use SPF records to verify the validity of a mail server like the rest of the industry?

    We moved our client to a new internet connection and changed their MCX and SPF records accordingly (both records had a TTL of 60 seconds). 3 hours later, they told us O365 was blocking them. Check of industry blacklists and SPF Validity tests indicated noone else had a problem receiving their mail, it was just O365 being special

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Change 2FA+Login process to prevent phishing

    2FA can be used to prevent phishing if a change to the login and 2FA process is applied to online login portals. The login page must load only the username field statically. The username is submitted and if found in the database an OTP is sent to the user. Once OTP is successful the password field gets loaded dynamically, the password is entered and the user authenticates. A spoofed website will not be able to simulate the 2FA, so once users are aware of the new authentication method they will be able to identify the spoofed page before they enter…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. New-ComplianceSearch should have a flag to ignore invalid locations

    When we have built a list of recipients and fed them to New-ComplianceSearch it will report on invalid locations and not create the search. It would save time if we could pass a flag telling it to ignore invalid locations.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Adding Message Sent and Messages Marked As Unread events types

    Are there any plans to add Message Sent and \or Messages Marked As Unread events types for Exchange Online in the near future? Not including these event types in the O365 audit trail makes it difficult to monitor for certain suspicious activities.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add other products to service trust portal

    As a CEO of a UK SME Microsoft Gold Dev Partner, we are like all SME's overwhelmed by GDPR and other compliance needs. The Service Trust Portal is Excellent. But only covers office 365 and Azure. I wouldnt expect microsoft to assess or be responsible for 3rd party products but, the system is lovely and easy to use so, it would be great if:
    1. There were API's or other extensions we could use to develop our own "plugin" to the trust centre so that we could allow our customers to manage GDPR for our application in the same way…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Trust Portal  ·  Flag idea as inappropriate…  ·  Admin →
  20. eDiscovery screens that are user friendly for legal.

    Legal should just have to pick the user name to put on hold and have check boxes to say put their email, onedrive on hold. They should not have to know the OneDrive URL. Also a check box to put the user's team chat and teams the user is in on hold. For SharePoint let user pick the name of the teamsite to put on hold not have to rely on IT person to provide URLs to legal. Also we recently learned that when a user is on a Hold and their name changes in O365 email and Onedrive, that…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base