Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Office 365 needs a suite-wide URL web link shortener

    I could increase the adoption of various features / apps in Office 365 if I had a URL web link shortener in my tenant.

    For example, we recently had some groups working on shared Word documents via OneDrive. In order to help them get up-to-speed, I created a bit.ly link so that they could get directly to the OneDrive where we were all working together.

    I am also trying to get people to send links to documents that they maintain versus copies. I have a mnemonic "send a link, helps me think, send a copy, make inbox sloppy."

    If the…

    95 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Advanced Threat Protection and Dynamic Delivery of emails

    With Dynamic Delivery, email is delivered with a provisional attachment that indicates that the original attachment is being scanned by ATP and will be delivered soon. If this email if forwarded before the original attachment is released by ATP, the recipient of the forwarded email will receive the provisional attachment and never see the original attachment once released to the first recipient.
    This is a problem for business where many executives on the move use mobile phones to routinely forward emails to team members for follow-up. We also have users who setup Outlook rule that forward emails to other users. …

    94 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Enforce Microsoft Authenticator App Lock

    We would like to enforce the 'app lock' setting on the Microsoft Authenticator app to force users to either enter their device passcode or use biometric authentication before opening the app.

    This could be through an Intune app config or a built in setting.

    Currently if an unlocked device was compromised, the attacker would be able to circumvent account MFA security.

    90 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add search for failed login attempts to Audit Log Search

    Right now the audit log search allows for searching user sign-ins but not failed login attempts. This can be accessed by exporting the events but having that feature available in the search would make it more convenient to get an at-a-glance view of failed attempts and the IP addresses that are attempting to get access. This is not to say I don't trust Microsoft's ability to detect suspicious logins; it's more for our own situational awareness of where *********** attempts are coming from.

    89 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow us to create alerts for sign in Failures and Successes based off of IP Geo Location. Alerts if log in success outside of country.

    I would like to Create and alert if there are failed login attempts or successful login attempts from IP addresses originating outside of my City/State/Country.

    Allow us to either white list IP addresses and alert for any not on the white list. Blacklist IP addresses and alert based off of just black list. Select Country regions and alert if selected countries IP addresses are the originating IP. Allow us to alert for only failures, only successes, or both.

    88 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Need to have the limit of 100 site collections increased for inclusion/exclusion in a retention policy.

    Need to have the limit of 100 site collections increased for inclusion/exclusion in a retention policy. To meet business requirements where they may be thousands of site collections but not all require the same retention policy, this is very limiting limit.

    88 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. Retention Policy - Office 365 Groups - Separate Deletion settings for Exchange & SharePoint workload

    Retention Policies for Office 365 Groups currently treat all resources the same (i.e. Exchange and SharePoint). We need the ability to configure email items to delete after X years, but not delete documents stored on SharePoint.

    86 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. Use Outlook junk mail actions to train hosted spam filters

    Junkmail filtering has been a constant pain point for me with O365 business and Outlook. The spam filters have an awfully high number of false positives, and only rarely capture real spam (I don't get much on these accounts). Most of the mail that gets filtered is from the same set of senders even though I constantly tell Outlook that these messages are not Junk. O365 needs to leverage this data to improve filtering reliability.

    85 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →

    The Junk Email Reporting Add-in is our current solution for Outlook users. You can get the download for it, and learn more here:
    https://technet.microsoft.com/library/jj723127(v=exchg.150).aspx
    We do absolutely triage these submissions and use them to improve EOP.

    If you aren’t using Outlook, simply create a new mail to junk [AT] office365.microsoft.com and attach the entire message, including headers (see https://technet.microsoft.com/library/jj723151(v=exchg.150).aspx). We are looking at better reporting options for Mac and mobile users. What might be helpful here is commenting with which applications you use most.

    Administrators can also now go to http://aka.ms/FixSpam and troubleshoot their users’ most persistent spam issues.

    If you continue having difficulties, we recommend a support ticket to investigate current samples. It is frequently the case that a simple configuration issue is to blame — and support can help you figure this out.

  9. Delegate Audit Log access by Activity Type

    Please add the ability to delegate read-access to audit logs by Activity type. For example, access to just "Power BI activities" audit logs, or "Microsoft Teams activities" audit logs.

    This would be useful as different groups within IT manage the usage of different O365 services, yet they have to be given access to all or nothing.

    84 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  10. Office 365 quarantine report should have a link to view live quarantine

    This is a simple feature to implement and my users were used to it with Appriver. My users get a report of their quarantined emails daily, that emailed report should have a link (https://admin.protection.outlook.com/quarantine) for the users to click to view their quarantined email at any time, so they don't have to wait a day.

    84 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Anti-phishing policy | User notification | Self release

    It's is great that Microsoft provides the possibility to block phishing messages but it is not clear why it is not able to provide the same functionality like in the anti-spam policy , so that the user gets an info that a mail has been moved to the quarantine and he could preview the message and decide to let it there or to release.
    Anti-phishing policy is no perfect, it creates a lot of false positives and the user will not be informed in order to check the mail and release it.
    I didn't see any argument why Microsoft is…

    84 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add support for CAA records in DNS panel

    I'd very much like to see support for CAA records in the future =).
    See https://support.dnsimple.com/articles/caa-record/

    The check for this record is going to be mandatory with September 2017. The security of all our certificates and domains would be greatly improved if we could set this record :)

    83 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. enable tls 1.3 support

    please enable tls 1.3 support.
    This will improve rtt times and improve privacy.

    82 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    working on it  ·  1 comment  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  14. A bug when creating a Retention Policy for Skype for Business in the O365 Admin portal

    When creating the policy, the * means all, but it still forces you to select users to add to the retention policy.

    81 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. Retention Labels - Time Left - Report all files with label

    Hi,

    Would it be possible to have a report system or dahsboard, which would report on Time left of the retention period for all items or even just files that have a particualar label applied that the user has created.

    For example. A calculated column that shows the item, location, retention/deletion, time remaining before it happens, based on whether it was, either labeled, created, last modifed. (hope it makes sence)

    Currently you have to use the 'content search' area [search and investigation] and do the calculations there within excel on any given report.

    see the post here for some more…

    79 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable Customization for Directory Based Edge Blocking feature in EOP

    Currently Directory Based Edge Blocking Feature in EOP does not support Mail Enabled Public Folders and Dynamic Distribution Groups. If customer have any of these recipient types then they have to disabled DBEB for receiving external emails routed to tenant through EOP. It will be great if we can provide an interface to manage DBEB to which customer can explicitly add recipients which are picked up by EOP. This will be very helpful for standalone EOP customer who would want to use DBEB feature to thwart Directory based harvest attacks

    79 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. New-InboxRule cmdlet needs CreationDate added

    When an account compromise happens, the majority of times the threat actor will create a new-inboxrule to hide their activity. Currently when new-inboxrules are created there is no logging for the Creation Date via powershell cmdlet. If we could get this logged, it would help tremendously with account compromises. Also adding a historical rule creation view for past 90 days would be beneficial as well.

    78 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow users to migrate their Microsoft accounts to Office 365

    When a firm establishes an Office 365 tenant, they should have the option to allow users to migrate their existing Microsoft Account identities to the company account. This should migrate their existing OneDrive and other consumer data to the corporate account as well as "merge" the identities so access given to other Office 365 tenants' SharePoint and other sites transfers over. Users could also opt not to migrate, in which case they should be required to "vacate" the company domain and migrate to an outlook.com or other consumer branded domain, much like the old Lync/OCS federation process that took place…

    76 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add functionality to re-deliver failed messages from Message Trace

    Third party spam filters, such as the offerings from Barracuda, MXLogic, and many others, have the ability to allow administrators to force re-delivery of messages that may have failed due to either a restrictive rule or a SMTP alias that did not exist for a recipient (typically true with migrations from non-Exchange based systems).

    It would be highly beneficial to admins to have this control and allow for forced re-delivery of messages as necessary.

    75 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  20. Ability to limit access to Online Archive by Client Location

    We'd like the ability to limit access for users to their O365 Online Archives by client location/IP.

    For example, if the user is connected to the corporate network, their online archive should be accessible through Outlook. If the user is away, working from home, etc, the online archive is not available/accessible.

    Whilst we have security measures in place (like MFA) for accounts if a user's credentials are stolen, the most common access would be via OWA from an external location/IP. By archiving (moving) old/sensitive email to the online archive, and restricting access by location, we could effectively limit the amount…

    74 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base