Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Forwarding a message that contains these so-called "safe" links is a nightmare.

    These so-called "safe" links are a nightmare from a usability standpoint and needlessly obscurew the original link. It is imprtant to have the ability for users to see clearly the original destination of each link so that they can evaluate for themselves the trustworhiness of the oringinal site. (For example, most mail readers have the ability to hover over a URL to see where it actually points and this is disabled by ATP re-rwitten URLs.). Please fix this usability disaster.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Service Trust Portal  ·  Flag idea as inappropriate…  ·  Admin →
  2. Retention policies (with records marker) should be manageable by admins

    I understand the purpose of records markers in retention policies is to protect official company records. There is, however, a sizeable gap in the functionality to be able to administer such labels even before they are published for use. i.e., even an unpublished (and therefore completely unused) retention label with a company record marker cannot be edited or deleted in any way. Guidance on https://docs.microsoft.com/en-us/office365/securitycompliance/labels#using-retention-labels-for-records-management does NOT alert anyone to this fact as it notes "WHEN AN ITEM IS LABELLED AS A RECORD, four things happen: 1. The item can't be permanently deleted; 2. The item can't be edited; 3.…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Easy to access support

    Hi,

    Sounds silly, but after spending close to 2 hours navigating the MS support teams it makes sense to me. Either update the Office 365 "New support" area to allow support tickets for attack simulator, or have a link within the webapp to log bugs either into the support teams or via github.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. More options with OTP

    As it is right now OTP is either enabled or disabled. There should be an option to use OTP only when an email is being sent outside of the organization otherwise it stays disabled. To have OTP enabled all the time doesn't make sense because if someone's mailbox is compromised the would be hacker could easily click the OTP link to gain access to the email. You could enforce the use of MFA to mitigate that issue but if you have a lot of users, especially ones who are not savvy with computers, that could be a real nightmare.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Why is it that Secure Score states Audit for all users is not enabled. yet it is and I can run reports

    In Secure Score improvement actions it states I should enable auditing for all users. As far as I can see this is enabled and I regularly run audit reports and take action against them. Is this a fault in secure score or am I missing another switch somewhere.
    Why does Secure Score not allow admins to enable elements directly instead of going hunting for settings.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Macro to Make the Audit Report Useable

    Here is the Excel Macro code to the take the csv file from the Audit Log Search - Export file. If you add these two macros to your file, you will be able to see a report that actually usable!

    Sub AuditFileRepair()
    '
    ' AuditFileRepair Macro
    '
    ' Keyboard Shortcut: Ctrl+Shift+M
    '

    Range(Selection, Selection.End(xlDown)).Select
    
    Selection.Replace What:="{""", Replacement:="|", LookAt:=xlPart, _
    SearchOrder:=xlByRows, MatchCase:=False, SearchFormat:=False, _
    ReplaceFormat:=False
    Selection.Replace What:=""":""", Replacement:="|", LookAt:=xlPart, _
    SearchOrder:=xlByRows, MatchCase:=False, SearchFormat:=False, _
    ReplaceFormat:=False
    Selection.Replace What:=""",""", Replacement:="|", LookAt:=xlPart, _
    SearchOrder:=xlByRows, MatchCase:=False, SearchFormat:=False, _
    ReplaceFormat:=False
    Selection.Replace What:=""":", Replacement:="|", LookAt:=xlPart, _
    SearchOrder:=xlByRows, MatchCase:=False, SearchFormat:=False, _
    ReplaceFormat:=False
    Selection.Replace What:=",""", Replacement:="|", LookAt:=xlPart, _
    SearchOrder:=xlByRows,
    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Search by sender IP

    In https://protection.office.com/#/contentsearchbeta - We can search by Sender address (accepts *@domain), and recipient address.Can you add search by sender IP? Thanks

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  8. Please add to pre-define template alert policies “if suddenly no emails are sent or blocked" per user

    Please add to pre-defined anomaly template to alert “if an user sends an average of 40 emails per day and if suddenly no emails are sent or blocked”.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow us to retrieve the IP address used for Microsoft Teams via Content search

    Content search in Office 365 Security & Compliance does not allow us to retrieve the IP address used for Microsoft Teams, so I would like to retrieve it same as ones for other products.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. O365 tenant security recommendation and InfoSec processes for O365?

    As so much work already done, we have recently deployed our tenant, can I have some template to address top key security challenges and also some process guidelines to make we sufficiently cater Corporate Security Team for any investigation?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  11. mfa

    MFA Calling Options. Right now, when you choose to have MFA call your phone it is only in English. Offer a configurable method for other languages such as German. My company has a large group of users in other countries and some do not speak English.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. コンテンツの検索にて組織外のユーザーを検索クエリの条件として指定できるようにしてほしい

    メッセージ追跡レポートでは、連絡先に追加してある組織外のユーザーを検索条件として指定できますが、コンテンツの検索ではできないので不便です。
    またコンテンツの検索で組織外の全ユーザーを一括で検索できるようにしてほしいです。

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  13. UK Education numbers

    As an education company having ULN/UCI/UPN added to the sensitive information types would be extremely useful.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  14. I want to check delayed messages in real time

    Security & Compliance feature can not confirm delayed messages in real time

    セキュリティ&コンプライアンスの機能では遅延したメッセージをリアルタイムに確認できない

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  15. Log protocol rejections in Exchange Audit Log

    Azure AD logs the protocol authentication as successful and there is no protocol rejection logged in Exchange. This makes it very hard to prove the system was NOT accessed from an investigation perspective. This should be addressed my Microsoft ASAP. From a Security perspective, there is value in knowing about connections which are denied to a system as this could indicate an attack.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Security Reports

    Please enable better format for reports. PP, PDF etc. Something with graphics. CSV format not good for quick summary overview.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  17. Need discrete XML files for domains and ip addresses that can and cannot traverse a proxy solution

    Please create 3 discrete XML Feeds for the following categories of traffic to enable easier consumption of data required to configure the customer's environment relative to proxying traffic for Office 365 workloads:

    • All FQDN/CIDR paired and CIDR prefix only destinations - Bypass your proxy for all FQDN/CIDR paired and CIDR prefix only destinations;
    
    • Inspection, authentication, reputation lookup services for any FQDNs marked required without a CIDR prefix - Bypass your proxy or remove inspection, authentication, reputation lookup services for any FQDNs marked required without a CIDR prefix;
    • Everything Else - For any remaining optional FQDNs, wildcards, DNS,
    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Need APIs to handle Labels in protection.office.com

    Is there any APIs to manage Labels in Security and Compliance portal / Office 365 for Sharepoint online, Exchange online and Onedrive online ? If exists, please give the details for the same.

    If not, will the same operations available through Powershell ? And please provide the details, if exists.

    FYI: The link below is similar to my requirement:

    https://stackoverflow.com/questions/48391178/api-or-mechanism-to-apply-scc-labels-to-exol-mailbox-items-and-folders

    This is an urgent requirement, so needing the confirmation from your side ASAP.

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  19. MalwareFilterPolicy: BypassOutboundMessages

    The parameter BypassOutboundMessages should also work in Exchange Online.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow search for all activity by IP

    I would like to search the entire activity log by a specific IP address.

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base