Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Advanced Threat Protection (ATP) attachment scan delay too long

    When the Advanced Threat Protection (ATP) safe attachment policy is set to dynamic delivery, the attachment scan can take around 30 minutes. It just says scan in progress. this is way too long and severely impedes the work flow in a fast pace environment where the scans are needed the most. They should be designed to scan instantly.

    163 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. New function proporsal : Coping eDiscovery result to Discovery mailbox operation from S/C center.

    Operations from sc center that Copy eDiscovery search results to a discovery mailbox would be very useful.

    This operation is available only in Exchange Management Center.
    but we want to implement this operation in SC center too. Please consider this function.

    165 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    16 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  3. Audit report showing encrypted messages sent

    Messages are encrypted automatically according to rules. However, there is no way to confirm for audit purposes that a message was actually encrypted.

    161 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    13 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow powershell scripting in Advanced eDiscovery

    I have scripted out the entire eDiscovery process in E3 eDiscovery which allowed us to save time and money, and repeat searches with minor variations very easily. With Advanced eDiscovery, I am unable to do so. Please add powershell scripting support (or provide the documentation) so we can streamline our collection and export processes.

    159 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    working on it  ·  1 comment  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  5. Mailbox Auditing enabled by default

    We would like to have mailbox auditing enabled by default for all mailboxes in Office 365. We should not have to manually enable for new users as they are added (via PS). Can we not have a way of enabling this for all mailboxes on the tenant?

    158 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Extend the Audit Log to hold records for longer than ninety days

    The Audit Log's functionality in Office 365 is excellent but the logs are only held for ninety days rolling.

    Due to this we are having to look at third party solutions to export the logs automatically, but this would be much easier if you extended the logging period out to a much longer period - years would be better than months.

    151 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  7. More details in message trace (client type and message class)

    On on-prem exchange servers, there are valuable information that are showing what client was used to send a message or meeting (like AirSync or MOMT, etc.), and Message Class (like IPM.Note or IPM.Schedule.Meeting.Request, etc.).
    This has proven to be valuable in determining some mailflow issues and would also be valuable information in Office 365 message trace.
    Thank you.

    152 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow deletion of "Other Suggestions" entries in Outlook

    The "Other Suggestions" list that pops up when you type an email address in the To: field in Outlook can quickly become cluttered with outdated and inaccurate entries. There is currently no easy way to delete these suggestions.

    Please provide a way to delete these entries one by one as you do with the "Recent People" autocomplete list (Del key or X button on right hand side) as well as a way to clear all entries.

    148 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Make it possible to search subject in Message trace

    Can we have a feature in message trace of Admin center to allow us search email by their subjects

    144 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    11 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  10. Custom Safety Tips

    We would really like to be able to raise a few custom Safety Tips on inbound messages.

    For starters, it would be great to raise a Safety Tip on every message originating from an external sender, i.e. every inbound message. A simple safety tip that read "Notice: This message was sent from outside our organization. Please use caution with links an attachments" would work wonders.

    Another Safety Tip, perhaps with a warning level, to flag messages that fail SPF checks would also help.

    The idea is to provide actionable information to message recipients so that they can make better decisions…

    141 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Force Modern Authentication

    The powershell command Set-OrganizationConfig -OAuth2ClientProfileEnabled $true enabled Modern Authentication methods for Exchange Online, allowing the ability to create Conditional Access Policies, which can require domain joined devices or MFA, etc. Unfortunately legacy Outlook clients just bypass this policy by falling back to legacy authentication.

    There is currently no way to REQUIRE modern authentication without using ADFS. We would like this feature!

    137 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Provide the ability to edit the default protection alert(s) in powershell

    First off the help for new-protectionalert -examples should provide more information than "insert example commands for example 1"

    Secondly, it does not appear to be possible to edit the default protectionalerts that exist on a new tenant in powershell.

    Attempting to get and then set the recipient crashes the powershell as follows.

    get-protectionalert | ? {$_.operation -eq 'MailRedirect'} | set-protectionalert -notifyuser noc@nocdomain.com
    WARNING: An unexpected error has occurred and a Watson dump is being generated: There is no rule matching identity
    'f00ed340-8f84-4eb4-83f3-0075a22b262e\Creation of forwarding/redirect rule'.
    There is no rule matching identity 'f00ed340-8f84-4eb4-83f3-0075a22b262e\Creation of forwarding/redirect rule'.

    + CategoryInfo          : NotSpecified: (:)
    138 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. More Than 8-Character Minimum Password Requirement

    Allow for the current 8-character minimum requirement to be changed to something longer (i.e. – 10 or 12). Allowing for an 8-character minimum password length ensures mostly that.

    Changing character density from 8 to 10 characters increases offline resilience from less than a day to almost two (2) decades, and 12 characters to over a thousand centuries [ref: Gibson research Center’s ‘Haystack’ page - https://www.grc.com/haystack.htm ].

    Allowing administrators the option of lifting this minimum not only forces users to create potentially more secure passwords, but also allows them to use them longer without needing to change them… potentially until there…

    136 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Attack Simulator: Phishing Login server URL detected by common browsers (Chrome, Internet Explorer, Edge) as "Deceptive" or "Unsafe"

    When clicking on the link produced by the Spear Phishing attack simulator in https://protection.office.com/attacksimulator (Phishing Login server URL), common browsers like Chrome, Edge, or Internet Explorer detects the site as "Deceptive" or "Unsafe". This results to a failed simulation as no user will attempt to click on "visit this unsafe site". Even if the users click on the link, that of which is recorded, the test will always have a 0% Success Rate.

    Is there anyway that Microsoft can coordinate with the common browsers to "whitelist" all their Phishing Login server URLs?

    132 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →

    The core cred harvesting URLs in attack simulator are allow-listed in SmartScreen (the technology used in Explorer and Edge), so they shouldn’t be blocked with those browsers. Chrome is usually the biggest problem, and Microsoft has been unsuccessful in convincing Google that they should include our phish training URLs in their default allow-lists. Instructions on how to deploy a client policy that allow-lists the cred harvesting URLs for Chrome can be found here:
    https://support.google.com/chrome/a/answer/7532419?hl=en

    At the moment, the following URLs are included in the M365 Attack Simulator:
    http://portal.docdeliveryapp.com
    http://portal.docdeliveryapp.net
    http://portal.docstoreinternal.com
    http://portal.docstoreinternal.net
    http://portal.hardwarecheck.net
    http://portal.hrsupportint.com
    http://portal.payrolltooling.com
    http://portal.payrolltooling.net
    http://portal.prizegiveaway.net
    http://portal.prizesforall.com
    http://portal.salarytoolint.com
    http://portal.salarytoolint.net

  15. Please offer command to purge emails from "recover delete" using content search

    Currently the "softdelete command when used like this: example
    "New-ComplianceSearchAction -SearchName "Remove Phishing Message" -Purge -PurgeType SoftDelete"
    Will send message to recover delete. I would like there to be there a Harddelete" to send them straight to purge so the user can not accidentally recover a phishing email and click on it.
    Please advise

    130 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Security & Compliance Center PowerShell - ADAL Support for MFA

    PowerShell for Security & Compliance Center Needs ADAL Support, as right now it uses the Exchange connector to the Basic auth endpoint. Exchange Online PowerShell has an ADAL client now, where's the one for Security & Compliance Center?

    126 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow dynamic retention policy based on group membership

    The below is too great a restriction and renders the retention policy useless.

    Groups selection confirmation

    The specified groups will be expanded so that an In-Place Hold can be put on the mailboxes in these groups. Only the mailboxes that are currently members of these groups will be placed on hold. Mailboxes added to or removed from these groups won't be added or removed from this hold. After setting the group for the location, the new member changes for this group will not auto apply to this location settings. Do you want to expand these groups?

    126 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  18. Stop external emails being sent directly to the onmicrosoft.com ailiases

    My organisation is using a 3rd party mail gateway in front of Office 365. However we have discovered that sending emails directly to the aliases: @<domain>.mail.onmicrosoft.com and @<domain>.onmicrosoft.com bypasses our mail gateway allowing malicious emails through.

    It should be made clear that these aliases should be locked down either by a transport rule or by being able to change the MX records, the latter not being possible at this time.

    122 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    11 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow the ability to delete a retention label definition in S&C Center if 'Record' classification

    If you've created a retention label in the Security & Compliance Center and have checked the 'Use label to classify content as a "Record"' checkbox, I would like the ability to delete the label under certain circumstances. If I've never used it, it's not published in any policy, I should be able to delete it. I've set up several "test" labels with this checkbox checked and there is no way (either thru the UI or thru PowerShell) to delete the label definition. Example: if you create a retention label and select the 'record' checkbox, save it and then immediately try…

    123 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Creation of forwarding/redirect rule

    So last night this rule triggered for the first time, wasn't really aware of it in the first place.

    Severity:● Low

    Time:6/13/2018 10:00:00 PM (UTC)

    Activity:MailRedirect

    User:person@email.com

    Details: MailRedirect. This alert is triggered whenever someone gets access to read your user's email.

    Description: This alert is triggered when someone in your organization creates an email forwarding or redirect inbox rules using Outlook web app or Powershell -V1.0.0.2

    Now to me this is an incredibly frightening message to receive, since this person has access to extremely sensitive financial information. So since I was thinking this person had been compromised, I…

    121 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    17 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base