Office 365 Security & Compliance
We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.
Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!
How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post
Thanks for joining our community and helping improve these features in Office 365!
Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.
-
Why is it that Secure Score states Audit for all users is not enabled. yet it is and I can run reports
In Secure Score improvement actions it states I should enable auditing for all users. As far as I can see this is enabled and I regularly run audit reports and take action against them. Is this a fault in secure score or am I missing another switch somewhere.
Why does Secure Score not allow admins to enable elements directly instead of going hunting for settings.1 vote -
Macro to Make the Audit Report Useable
Here is the Excel Macro code to the take the csv file from the Audit Log Search - Export file. If you add these two macros to your file, you will be able to see a report that actually usable!
Sub AuditFileRepair()
'
' AuditFileRepair Macro
'
' Keyboard Shortcut: Ctrl+Shift+M
'
…Range(Selection, Selection.End(xlDown)).Select
Selection.Replace What:="{""", Replacement:="|", LookAt:=xlPart, _
SearchOrder:=xlByRows, MatchCase:=False, SearchFormat:=False, _
ReplaceFormat:=False
Selection.Replace What:=""":""", Replacement:="|", LookAt:=xlPart, _
SearchOrder:=xlByRows, MatchCase:=False, SearchFormat:=False, _
ReplaceFormat:=False
Selection.Replace What:=""",""", Replacement:="|", LookAt:=xlPart, _
SearchOrder:=xlByRows, MatchCase:=False, SearchFormat:=False, _
ReplaceFormat:=False
Selection.Replace What:=""":", Replacement:="|", LookAt:=xlPart, _
SearchOrder:=xlByRows, MatchCase:=False, SearchFormat:=False, _
ReplaceFormat:=False
Selection.Replace What:=",""", Replacement:="|", LookAt:=xlPart, _
SearchOrder:=xlByRows,1 vote -
End-User Spam Notification - Frequency
We can only have one email sent per day, notifying the user they have spam in quarantine. The email is usually sent just after midnight, so if the user does not check their quarantine, it could be a full 24 hours until they are notified that they have spam to release.
MY SUGGESTION: At least three notification per day1 vote -
Search by sender IP
In https://protection.office.com/#/contentsearchbeta - We can search by Sender address (accepts *@domain), and recipient address.Can you add search by sender IP? Thanks
1 vote -
View initial app password when the MFA enabled
Currently we are not able to check the newly generated initial app password when setting multi factor authentication. Previously, we were able to view the app password. We understand that no app password will be created due to the MFA integration. But if you are changing the behavior, I don’t want any app password to be created. Or if the initial app password will get generated, I would like it to be visible.
1 vote -
O365 tenant security recommendation and InfoSec processes for O365?
As so much work already done, we have recently deployed our tenant, can I have some template to address top key security challenges and also some process guidelines to make we sufficiently cater Corporate Security Team for any investigation?
1 vote -
mfa
MFA Calling Options. Right now, when you choose to have MFA call your phone it is only in English. Offer a configurable method for other languages such as German. My company has a large group of users in other countries and some do not speak English.
1 vote -
i hacked this account, this is not my account, i want you to contact cameronbuchanan998@gmail.com.
Give cameronbuchanan998@gmail.com his info back
1 vote -
Better information about source/system in OTP-sms:es and authenticator requests
Make it visible what system/source/purpose an OTP SMS or authenticator request is concerning.
The current solution does not state more than the source "Microsoft" and the OTP. It becomes hard to verify that the purpose of the OTP is legitimate.
As a reference you could look into Swedish Mobile Bank-ID where the name of the company or organization requesting verification is displayed as part of the request.
1 vote -
コンテンツの検索にて組織外のユーザーを検索クエリの条件として指定できるようにしてほしい
メッセージ追跡レポートでは、連絡先に追加してある組織外のユーザーを検索条件として指定できますが、コンテンツの検索ではできないので不便です。
またコンテンツの検索で組織外の全ユーザーを一括で検索できるようにしてほしいです。1 vote -
I want to check delayed messages in real time
Security & Compliance feature can not confirm delayed messages in real time
セキュリティ&コンプライアンスの機能では遅延したメッセージをリアルタイムに確認できない
1 vote -
Log protocol rejections in Exchange Audit Log
Azure AD logs the protocol authentication as successful and there is no protocol rejection logged in Exchange. This makes it very hard to prove the system was NOT accessed from an investigation perspective. This should be addressed my Microsoft ASAP. From a Security perspective, there is value in knowing about connections which are denied to a system as this could indicate an attack.
1 vote -
Security Reports
Please enable better format for reports. PP, PDF etc. Something with graphics. CSV format not good for quick summary overview.
1 vote -
Need discrete XML files for domains and ip addresses that can and cannot traverse a proxy solution
Please create 3 discrete XML Feeds for the following categories of traffic to enable easier consumption of data required to configure the customer's environment relative to proxying traffic for Office 365 workloads:
…• All FQDN/CIDR paired and CIDR prefix only destinations - Bypass your proxy for all FQDN/CIDR paired and CIDR prefix only destinations;
• Inspection, authentication, reputation lookup services for any FQDNs marked required without a CIDR prefix - Bypass your proxy or remove inspection, authentication, reputation lookup services for any FQDNs marked required without a CIDR prefix;
• Everything Else - For any remaining optional FQDNs, wildcards, DNS,1 vote -
Maintain the Folder structure in Advanced eDiscovery
It would be good to be able to see the Folder Structure that was originally created in outlook and one drive in Advanced eDiscovery. Presently all the documents and there, but the structure has been lost and so locating documents is challenging
0 votes -
I want to be able to check the details of the log when company information is changed in the audit log.
監査ログにて、会社情報が変更された際のログの詳細を確認できるようにしたい
A log is recorded when there is a change in company information in the audit log.
However, even if you check the details of the log, you cannot check what items were set and how.
Currently, it is not possible to check what kind of settings have been made when setting user information as well as company information.
If there are multiple administrators, it is necessary to check which administrator performed what operation, so I think it is necessary to implement this function.監査ログにて会社情報の変更があった際にログが記録されています。
しかし、ログの詳細を確認してもどのような項目がどのように設定がされたかなどを確認することができません。
現状、会社情報に限らずユーザー情報の設定を行った際にも、どのような設定をされたかどうかなどかを確認することができません。
管理者が複数いる場合などに、どの管理者がどういった操作を行ったかを確認する必要があるため、本機能の実装が必要です。0 votes -
Please add more Phishing Templates for Attack Simulator
Please add additional Phishing Templates, or create a GitHub repository for the community to collaborate on phishing templates. Other solutions have rich libraries so if Microsoft wants to compete with other phishing simulators, it really needs more choices.
0 votes -
MalwareFilterPolicy: BypassOutboundMessages
The parameter BypassOutboundMessages should also work in Exchange Online.
3 votes -
Allow search for all activity by IP
I would like to search the entire activity log by a specific IP address.
0 votes -
Email Certificate of Destruction
There is the capability to enable mailbox auditing, which also provides a audit log if a user, or an Exchange admin hard deletes a message. However, this audit log does not capture hard deletes when initiated from a retention policy. I would think this is a critical piece of information any compliance and regulatory department would need in the case of defensibility in a legal situation.
0 votes
- Don't see your idea?