Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. delete content from content search through gui not using New-ComplianceSearchAction

    Currently users with the ediscovery role can run search for content and download that content. Using the New-ComplianceSearchAction -purge -softdelete you can delete this content (which we use for deleting spam or malware emails out of mailboxes). We do not want our security operations team to use powershell to complete these deletes so we have to write a gui to provide this functionality. Please enable the ability to complete deletes within the SCC itself

    126 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  2. Security & Compliance Center PowerShell - ADAL Support for MFA

    PowerShell for Security & Compliance Center Needs ADAL Support, as right now it uses the Exchange connector to the Basic auth endpoint. Exchange Online PowerShell has an ADAL client now, where's the one for Security & Compliance Center?

    126 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Provide Mailbox Export to PST in the Admin Console

    Provide Mailbox Export to PST in the Admin Console

    124 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Creation of forwarding/redirect rule

    So last night this rule triggered for the first time, wasn't really aware of it in the first place.

    Severity:● Low

    Time:6/13/2018 10:00:00 PM (UTC)

    Activity:MailRedirect

    User:person@email.com

    Details: MailRedirect. This alert is triggered whenever someone gets access to read your user's email.

    Description: This alert is triggered when someone in your organization creates an email forwarding or redirect inbox rules using Outlook web app or Powershell -V1.0.0.2

    Now to me this is an incredibly frightening message to receive, since this person has access to extremely sensitive financial information. So since I was thinking this person had been compromised, I…

    124 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    17 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  5. Message Trace Attachment Attribute missing

    Message Trace do not include Attachment property and by only knowing attachment name you cannot find it. For example knowing a specific attachment has been leaked out from company but you cannot search it from the Trace.

    120 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  6. EMS Suite Licensing should be free for Government Tenants

    Government IT shops are an entirely different beast than from your typical commercial customer.

    An IT shop can range in size from 2-3 staff for a small city or 100s or 1,000s for a large city/county/state. Regardless of size in terms of staff or budget, ALL of us have an identical regulatory responsibility.

    Protecting critical infrastructure and services our citizens depend on isn't an optional activity. Why are the necessary tools contained in the EMS licensing suites not made available to Government entities free of charge? These are critical tools which must be utilized in order to best protect the…

    120 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Admins be able to delete unsent mail from queue

    Office 365 admins should be able to go into the mail flow queue and delete or resend emails that show "stuck" (either pending for a long time) or duplicate emails.

    119 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Keep search-mailbox

    Microsoft announced its intention to retire legacy eDiscovery tools on 4/1/2020. We would like to see search-mailbox kept in service at least until all functionality has transitioned to other cmdlets. Search-mailbox is great for determining where a message is in a mailbox. It’s also the fastest tool for retrieving a message from a mailbox for analysis. Granting mailbox access or using content search is not as efficient.

    Please help us keep this cmdlet alive!
    https://docs.microsoft.com/en-us/microsoft-365/compliance/legacy-ediscovery-retirement

    118 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. Implement sensitive data ediscovery searches in Exchange Online

    Sensitive data searches for ediscovery currently work only in Sharepoint and One Drive. It also works for DLP in Exchange. This lack severely limits the usefulness of eDiscovery in Security and Compliance for Office 365.

    118 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  10. FIDO U2F support

    Office 365 for work: We need Office 365 for Work support a FIDO Universal Second Factor (U2F) protocol standard Security Key.

    As many organisation would like to shift to Office 365 but they concern about the security standard which request Office 365 to support Universal Second Factor (U2F) protocol standard security key as Microsoft is a member of FIDO.

    116 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. ATP Safe Links - Report False Positives / Possibility to overwrite MS classification

    There is no feasible way to report false positives in ATP Safe Links.
    If you run into this scenario, you can either send an email to SafelinksFeedback@microsoft.com and wait that it is being resolved or you open a support case at Microsoft.
    Both options take a lot of time.
    However, the email containing the link classified as malicious by Microsoft has already been sent out and the expectation is to make this link working as soon as possible.

    Therefore, there needs to be a way to report those links which have to be re-classified (with a proper process attached) or…

    116 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow disabling of SPF checks

    As a user using both a dedicated security based ESP (Mimecast) with Office 365 Exchange, I have no need for many of the Office 365 security features.

    Most annoyingly is the fact that forwarding from my ESP fails the Office 365 SPF checks, because the sending domain doesn't match the IP range of the source any more.

    I wouldn't mind except Office 365 won't even allow me to disable SPF checking!

    This means a typical message is stamped with an SPF 'pass' from Mimecast and an SPF 'fail' from Office 365.

    This in turn could interfere with anti-spam rules within…

    115 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow us to extract the unified audit logs more than 90 days ago

    Allow us to extract the unified audit logs more than 90 days ago

    I think that many large enterprises have this desire in security policy.

    115 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Office 365 needs a suite-wide URL web link shortener

    I could increase the adoption of various features / apps in Office 365 if I had a URL web link shortener in my tenant.

    For example, we recently had some groups working on shared Word documents via OneDrive. In order to help them get up-to-speed, I created a bit.ly link so that they could get directly to the OneDrive where we were all working together.

    I am also trying to get people to send links to documents that they maintain versus copies. I have a mnemonic "send a link, helps me think, send a copy, make inbox sloppy."

    If the…

    113 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Retention Policy - Office 365 Groups - Separate Deletion settings for Exchange & SharePoint workload

    Retention Policies for Office 365 Groups currently treat all resources the same (i.e. Exchange and SharePoint). We need the ability to configure email items to delete after X years, but not delete documents stored on SharePoint.

    112 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  16. Make secure score available to partners

    As a Partner I have access to the tenant of my clients. I'm not able to see the score of my clients tenant and check easily what changes need to be done and discuss this with my clients.
    I can only do this when I have an separate admin account of the clients tenant.
    Now with the integration of secure score into the compliance center shows a widget of the score but not the actions that needs to be taken. Please integrate the full secure score

    111 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  17. Block Office Files with Macro's

    We are getting numerous malware attacks with zero hour Office files containing malicious Macro's, these are often blocked within 60-90 minutes but some are still being received by users. The signature is changing regularly so they aren't picked up by your scanners despite the original virus being around 12 months old.

    We do educate the users not to open them and Macro's are disabled, but blocking the content at the gateway would be better.

    Some of this functionality was available in Forefront for Exchange.

    109 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  18. Branding Quarantine notification mail and scheduling when notification goes out


    1. It would be nice if you could extend some of the company branding to the quarantine notification email. Add in a logo and maybe some contact info for the helpdesk or whomever. Also the ability to add a link to the quarantine site so they can manage more than one message if they so choose.


    2. Other anti spam providers allow you to schedule when the quarantine message goes out. It's nice to be able to set it to arrive in the users mailbox around the time they arrive. This way they have the latest and greatest.


    108 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Alert Policy for Inbox Rule Creation/Deletion/Modification

    Currently O365 has an alert for forwarding/redirect rule within Security and Compliance Center. Considering that most phishing campaigns are crafted with someone setting up Inbox rules to move messages to another folder which are monitored, creating a man-in-the-middle attack. It would benefit tremendously to be alerted whenever a user creates/deletes/modify an inbox rule to prevent attacks before they happen.

    108 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Conditional Access by Network Location

    Want to bring network location-based conditional access policy to not only SharePoint but also the whole of office365.

    104 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base