Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. The operation log of the audit log cannot be confirmed in detail

    The operation log of content search is confirmed in the audit log.

    However, although it is output as a search result, I would like to check in detail, such as "Administrator A confirmed the email received at User A's 8/1 11:11".

    コンテンツ検索の操作ログを、監査ログにて確認しています。
    しかし、検索結果としては出力されますが、「管理者 A がユーザー A の8/1 11:11 に受信したメールを確認した」のように細かく確認したいです。

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Centralised way to clear user's suggestions

    Suggestions can only be cleared by users selecting the X next to the suggestion.

    Provide O365 admin the ability to clear a user's suggestions or a collection of users (domain or tenancy).

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow searching of second level malware family without adding top malware family as search item

    The threat explorer allows to search for malware families. You need to enter either the top-level Malware Family or top-level+second-level malware family. This makes searching for malware, without knowing the exact top level family very difficult.

    Example : Searching for "DDE".
    In order to find all malware related to DDE you need to include "O97M" (top malware) in the search for DDEDownloader.C

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  4. To warn users not to use To and CC when sending email to multiple customers due to PDPA

    There's no DLP rule to prompt user of a shared mailbox not to use "To" and "CC" field but to use BCC. This is for situation where user of a shared mailbox wants to send promotional and announcements information to customers but don't want to reveal the customers' email addresses due to PDPA.

    It'd be very helpful if it prompts (warning message) to user not to use To and CC but to use BCC field instead when sending email to multiple recipients such as customers.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  5. Shared mailbox audit

    Shared Mailbox Audit

    When an phishing email comes into a shared mailbox. We should be able to tell which users have opened the email in the Shared Mailbox, which users have clicked on a phishing URL via the Shared Mailbox and also search via the Sender to fasten the investigation.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  6. quarantined email disappeared

    As administrator, I checked/selected SOME quarantined emails and deleted them. It deleted ALL quarantined emails even if they weren't checked!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Create and import new policies in MCAS using Powershell

    Currently it is not possible to create new Microsoft Cloud App Security policies using power shell module.

    Also, no possible to import these policies from Powershell.

    This would be useful it a customer has multiple tenants and would like to keep them aligned.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. Audit log for Office365 licensing is not available

    If someone (global admin) add any subscription to the tenant, we should be audit such events. Ticket #:10552042

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  9. No e-mails should be delievered from 8pm to 7am, unless there is an emergency.

    “No e-mails should send out between 8pm – 7 am, unless there is an emergency. In other words, we can draft e-mails, send them, however e-mails should be delivered after 7 am, unless there is an emergency”
    Can this rule be implemented?
    Please confirm

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  10. Ability to whitelist 3rd party anti-phish reporting tools

    Although the malware filters are working as expected, some companies I have worked for use third party tools (i.e. PhishMe or PhishGuru) to mitigate Phishing and Spam emails.

    These tools come with Outlook Add-in's for users to submit emails that did not get blocked originally. Since the malicious email made it through to the users mailbox, by the time they submit to such a service, the email gets blocked by the Malware filter now, recognized the malicious and therefore it goes unreported or in our case the user gets an email from EOP station that the message was rejected as…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  11. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. SOX audit report for PWA

    Develop a report at field level in PWA to support SOX auditing. Fields related to Budget, time approval and Forecast.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  14. content search export

    you should add network bandwidth option. when i dowload dismissed user then download mails ; it use whole my internet bandwitdh.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. ATP safe attachments: Add Scan First then Deliver email mode without Malicious item Quarantine

    Current settings available are Off, Block, Replace, Dynamic Delivery

    Off -No scan

    Monitor - Just Monitor

    Block - Requires rules to be set and administrators to manually release emails

    Replace - Replaces malware file

    Dynamic Delivery - Delivers email first then user has to log onto the tenant or 2-5 minutes later the attachment shows up This greatly frustrates staff as they cannot properly act on email until they have the attachment.

    ---Add a mode where the email is delayed while the attachments are scanned then whole email is delivered
    _Administrators should have the option to quarantine or to not…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. E-Discovery Search to exclude Voicemail messages

    Due to confidential voicemail messages in mailboxes, can there be an option in the new e-Discovery search to filter out by voicemail message. I understand that you can specify searches by keywords, but if there is a build in feature in e-Discovery to exclude voicemail, this can prevent man made mistakes when performing searches.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  17. Attack simulator

    The new Attack simulator don't take the passwords without special characters
    For example
    If the password is Test1 it not gonna show that any of your user is susceptible to Brute Force Password attacks.
    But if the password is Test01- that way can be recognized and gonna show you that one of your users is susceptible to Brute Force Password attacks.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add option to Import data from Holds created by the Admin

    I have added almost 450 Onedrive sites to hold. it would be great if we have an option to export the data for verfications.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  19. Freedom of custom text

    I want to be able to change the content of the notification text for each detected email when an email is detected as malware.

    This request is based on customer's voice.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  20. Well to be honest I’m amazed by the team challenge on how quick you all were to respond, between apple and then Microso

    I believe if you have self encrypters like the ones we see everyday and used to, well if we take the privacy, and policy with the site terms we can actually make it a ghost code. It’ll be visible to the eye under light but we/ you all have the lighting and screens to detect a security breach. I hope that makes sense. For me I’m constantly clicking and clicking to find the answer, and to be honest with myself it’s starting to make sense. So thank you all and thNk you for the great team to team execution. I…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base