As a Partner I have access to the tenant of my clients. I'm not able to see the score of my clients tenant and check easily what changes need to be done and discuss this with my clients.
I can only do this when I have an separate admin account of the clients tenant.
Now with the integration of secure score into the compliance center shows a widget of the score but not the actions that needs to be taken. Please integrate the full secure score

need an option to send an automatic reply/response to any sender emailing a specific recipient in the organisation via a transport rule. the option is available in Exchange 2013 so should be possible in Office 365. a rule from the mailbox is not suitable as this will only send the response once to each sender. the mailbox is not monitored so customers should be sent an acknowledgement email to confirm that their email has been received.

Currently it appears set at 2 months. Would like to see ability to increase/decrease. Maybe max 1 year? Not sure the exact max needed, it would likely change by customer needs/retention policy.

We are getting numerous malware attacks with zero hour Office files containing malicious Macro's, these are often blocked within 60-90 minutes but some are still being received by users. The signature is changing regularly so they aren't picked up by your scanners despite the original virus being around 12 months old.

We do educate the users not to open them and Macro's are disabled, but blocking the content at the gateway would be better.

Some of this functionality was available in Forefront for Exchange.

Fix DMARC implementation to match the RFC 7489 defined behaviour for p=reject and p=quarantine.
Current behaviour p=reject messages are quarantined???

Want to bring network location-based conditional access policy to not only SharePoint but also the whole of office365.

I have a requirement from a large customer (85K users) that needs to be able to perform eDiscovery collections for specific Outlook folders. We can do date range and Full Mbx collections, but not specific folders. This was possible on-premises, but not in Exchange Online ????

Safelinks currently requires you enter each url you'd like to allow through. I'd like to have safelinks allow a wildcard domain. for instance we get many emails from our own systems pointing to internal urls. sometimes those emails get distorted because the url's are listed in plain text and replaced with the safelink.

I'd like to allow wildcard https://.mydomain.com/ to allow domains such as web.mydomain.com/page and test.mydomain.com/stuff to go through with by making one simple rule vs theoretically hundreds.

The new version of OME that is now more integrated into AIP, needs to have an encrypt only option such as you can configure using the message classification configuration.

The DNF use case is too restrictive for our organisation.

Thank you for consideration.

Currently O365 has an alert for forwarding/redirect rule within Security and Compliance Center. Considering that most phishing campaigns are crafted with someone setting up Inbox rules to move messages to another folder which are monitored, creating a man-in-the-middle attack. It would benefit tremendously to be alerted whenever a user creates/deletes/modify an inbox rule to prevent attacks before they happen.

Advanced Threat Protection - SafeLinks - Create Submission Mechanism for False Positive Malicious Domains

This idea would create a feedback / reporting mechanism for domains incorrectly tagged as malicious by the SafeLinks feature. We had an example of a partner domain that was tagged as malicious, had zero malware / good reputation / etc. (confirmed by Microsoft Support), and had no way to feed that information back into Microsoft for a review of the malicious domain list so it could be removed. Similar feedback mechanisms exist for false positive Spam and virus detections - URLs deserve the same treatment.

The below is too great a restriction and renders the retention policy useless.

Groups selection confirmation

The specified groups will be expanded so that an In-Place Hold can be put on the mailboxes in these groups. Only the mailboxes that are currently members of these groups will be placed on hold. Mailboxes added to or removed from these groups won't be added or removed from this hold. After setting the group for the location, the new member changes for this group will not auto apply to this location settings. Do you want to expand these groups?

In addition to the below feature, quarantine should have an email notification for Admins (option or to be enabled) so that they can review and can release or delete accordingly via a link that is included in the email. Cannot rely on end user to release...

————-
Share: Updated feature: Email quarantine capabilities

Office 365 admins should be able to go into the mail flow queue and delete or resend emails that show "stuck" (either pending for a long time) or duplicate emails.

1. It would be nice if you could extend some of the company branding to the quarantine notification email. Add in a logo and maybe some contact info for the helpdesk or whomever. Also the ability to add a link to the quarantine site so they can manage more than one message if they so choose.




2. Other anti spam providers allow you to schedule when the quarantine message goes out. It's nice to be able to set it to arrive in the users mailbox around the time they arrive. This way they have the latest and greatest.

Junkmail filtering has been a constant pain point for me with O365 business and Outlook. The spam filters have an awfully high number of false positives, and only rarely capture real spam (I don't get much on these accounts). Most of the mail that gets filtered is from the same set of senders even though I constantly tell Outlook that these messages are not Junk. O365 needs to leverage this data to improve filtering reliability.

I would like to Create and alert if there are failed login attempts or successful login attempts from IP addresses originating outside of my City/State/Country.

Allow us to either white list IP addresses and alert for any not on the white list. Blacklist IP addresses and alert based off of just black list. Select Country regions and alert if selected countries IP addresses are the originating IP. Allow us to alert for only failures, only successes, or both.