Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Message trace shows spoofed mail as legitimate

    Please can you enhance the Message trace, spoofed mail will fool your system and show as an internal mail when this is not the case. This leads to incorrect troubleshooting.

    Thanks Bill.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  2. Examples

    Anyone coming in to this new app finds words and their definitions very intimidating. The verbiage used has no precedent with existing policies, so in order to allow the most rapid deployment of this app into a Sharepoint site, I would like to see examples of how this tool is actually used in an example site, with popups showing where the concept is being used and how it got to that point. In other words, I would like to see many examples of compliance in action.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  3. content search to add Number of Recipients is not greater than X number of Recipients

    content search to add Number of Recipients is not greater than X number of Recipients field for teams searches

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  4. man in the middle

    Ladies and Gentlemen!

    Our IT security specialists have found out that the login data is transferred in plain text when logging on to Office 365. This enables very simple "Man in the middle" attacks. I found a post in Technet about this topic, which is two years old.
    This should be checked and fixed urgently.
    Link to original post: https://blogs.technet.microsoft.com/latam/2016/12/09/o365sectalken/
    Thank you very much!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. add county to on the ip translate on the auditing security log

    pleas add on the user IP report the county and location of the ip it help to read the log and see if there was attack

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Enable users to read unauthenticated mails in Outlook Client after a warning

    Nowadays,
    When an email is received that did not pass sender authentication:
    - Outlook displays a '?' in the sender photo
    - User cannot read the email in Outlook 2016 with default O365 phishing policy

    The only possibility for administrators today is to either turn this strategy on (be default), or off.

    I would like to add a third possibility:
    - When clicking on the message to read it, the user is warned that the message did not pass sender authentication, bnut still has the option to read it:
    Are you sure you want to read this unauthenticated message Yes…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Show all activity types in the dropdown box for policies in Advanced Security Management

    When creating or editing a policy, you can only browse down to "Force users..." in the Activity Types drop down selector, but if you know the name of activities further down in the alphabet, you can type them in & find them. You should be able to scroll through all of them so an external reference isn't needed.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. In Tracking, kindly provide the feature of subject wise tracking.

    As each day, we get phishing issue and tracking with subject is a need.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  9. product compare doc

    Microsoft Product compare, https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Dz8M, says that Core eDiscovery, which includes legal hold, nor Email archiving are part of Microsoft 365 E3 subscription. However, they are part of the Microsoft 365 E3 licensing, just the advanced features are not.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  10. Create security alert when someone with a delegated email opens up the email from the "open another mailbox" link in Outlook online

    Create security alert when someone with a delegated email opens up the delegated email from the "open another mailbox" link in Outlook online

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Install MsOffice with product key

    Microsoft Office is an applications suite, which accommodates some application package into a suite, called MS Office. Each Office application has a unique purpose to get a specific service to office users.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow deletion of Custodians in Advanced eDiscovery

    Currently deletion of custodians is not an option. However, this would be a valuable addition to allow for erroneous data entry and spec changes.

    Having a custodian in the list that is not required is mis leading.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  13. Faltan opciones para la realización de búsquedas por contenido

    Desde hace varias semanas hemos venido recibiendo en varios buzones de correo mensajes que incluyen un archivo adjunto de tipo "IMG" (imágenes de disco) el cual a su vez contiene archivos ejecutables. Cuando el usuario abre el archivo adjunto, Windows 10 monta la imagen (crea una unidad de disco en el equipo) y muestra el contenido, el cual al ser abierto infecta el equipo y da inicio a una serie de tareas típicas en casos de malware.
    Días después del inicio de estos mensajes entrantes, encontramos que a través de una de las cuentas receptoras se estaban enviando masivamente mensajes…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  14. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Enable starting an extended message trace directly from the result window after running a basic message trace

    Run a basic message trace. Look at the results. If anything looks wrong in the message trace detail, provide an option to run extended trace for that particular message right from the detail page.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  16. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Why run the MS Click-to-Run without explicit permission from me, owner of the computer? A simple pop-up with explanations would suffice

    If MS want to initiate its Click-to-Run streaming service, it should obtain explicit permission from me, the user and owner of the computer. A simple pop-up with explanations would suffice. But MS chooses to decide to push this software-as-a-service component without permission, somewhat reminiscent of malware. That is not nice behavior. Moreover, I cannot find a way to disable this functionality which I do not want.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  18. I have several wifi networks-Frontier, Dish Direct-I've tested them ad they lead right my. I contacted the FCC about the wide-band License

    HI-I've tried to contact the Gov about this-the FCC took off what they thought was illegal but I cannot see the entire account....I KNOW these are on my device and it's the simplest of fixes I would think? The Comcast debacle took forever to put together and I still think it may be an issue,but they are, well, not good. Any Apache software on my device needs to go-there are so many fraudulent licenses....and I can't do a thing until those wifi providers are off.
    I also see the now-deprecated G+ icon and other Social Media are on several pages…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  19. 401/5000 Bs days. Please, how can I retrieve my document, 83 pages long, (I pressed ctrl + capital letters + F9) and it was only put on one

    401/5000
    Bs days. Please, how can I retrieve my document, 83 pages long, (I pressed ctrl + capital letters + F9) and it was only put on one page. But when I enter the properties of said document, in details, it appears that there are 83 pages, in the content and also in the content type this: application / vnd.openxmlformats-officedocument.wordprocessingml.document.

    Please, how do I get my document back? Thank you

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base