Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Advanced Threat Protection (ATP) - Allow to create custom malware alert notifications

    We need send a customized notification email message to recipients or administrators when a malware was detected by Safe Attachments.

    60 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
    • Admins be able to delete unsent mail from queue

      Office 365 admins should be able to go into the mail flow queue and delete or resend emails that show "stuck" (either pending for a long time) or duplicate emails.

      60 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        7 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • Add search for failed login attempts to Audit Log Search

        Right now the audit log search allows for searching user sign-ins but not failed login attempts. This can be accessed by exporting the events but having that feature available in the search would make it more convenient to get an at-a-glance view of failed attempts and the IP addresses that are attempting to get access. This is not to say I don't trust Microsoft's ability to detect suspicious logins; it's more for our own situational awareness of where *********** attempts are coming from.

        59 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
        • Policy Tip Support for Rules with Sender/Domain Filtering

          Currently, Policy Tip actions are not supported when creating a DLP rule that has sender or domain filtering criteria.

          The error message states "The NotifySender action isn't compatible with 'RecipientDomainIs' predicate."

          We'd like to see this action supported so we can configure our rules based on our business requirements.

          59 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            4 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
          • increased logging capabilities

            When a standard user logs into Office 365 (SharePoint Online, Exchange Online, etc.) reporting should also include the following:

            Login Username
            Microsoft Office 365 IP
            User/Client IP
            User-Agent
            Success/Failure of Login

            This will allow security folks to monitor for compromised accounts, as well as help with compliance.

            59 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              6 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • Creation of forwarding/redirect rule

              So last night this rule triggered for the first time, wasn't really aware of it in the first place.

              Severity:● Low

              Time:6/13/2018 10:00:00 PM (UTC)

              Activity:MailRedirect

              User:person@email.com

              Details: MailRedirect. This alert is triggered whenever someone gets access to read your user's email.

              Description: This alert is triggered when someone in your organization creates an email forwarding or redirect inbox rules using Outlook web app or Powershell -V1.0.0.2

              Now to me this is an incredibly frightening message to receive, since this person has access to extremely sensitive financial information. So since I was thinking this person had been compromised, I…

              58 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                10 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
              • include changes in journal rules as an activity alert in the Security and Compliance center

                Please consider adding changes in Journal Rules (Exchange) as an activity for alert in the Security and Compliance center. We have many customers who would find value in this.

                57 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  13 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
                • Introduce customisation to built in DLP rules (or allow exceptions to existing rules)

                  We use DLP on email to assist in our PCI compliance. As an online payments provider, we often provide dummy credit card information to help our customers set up their APIs (typically 4444 3333 2222 1111). Unfortunately, despite this *not* being a valid card number, it triggers Microsoft's built in "Credit Card" definition resulting in 100s of false positives per week. We need to have this hard coded as an exception to the "Credit Card" definition, or, better yet, allow definitions to be customised and/or excluded from via. the Admin portal.

                  56 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    3 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                  • Add recipient (TO:) on Malware notifications

                    ΦSteps to reproduce
                    ~Step 1:Set Notification when Malware is detected~
                    1. In the Exchange admin center (EAC), navigate to Protection > Malware filter.
                    2. Select the Default policy > Click the edit icon
                    3. Click the Settings menu option. In the Administrator Notifications section, select the check boxes to Notify administrator about undelivered messages from internal senders and to Notify administrator about undelivered messages from external senders. Specify the email address.
                    4. Click Save.

                    ~ Step 2:Send a Malware mail~
                    Access https://www.andymillar.co.uk/blog/2007/12/06/testing-your-email-virus-scanner-with-eicar/ and enter email into the box. Click Email Me EICAR!

                    ~ Step 3:Admin receives the Malware notification as…

                    56 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                    • Create a web form to submit malicious links for ATP SafeLinks

                      Allow users to submit links for known malicious sites that can be flagged as such by ATP SafeLinks.

                      After a recent phishing message that included a malicious link that was not flagged as such by SafeLinks, I opened a Premier case and sent the link, and Premier sent it on to engineering. A couple hours later it was blocked by Safe Links.

                      There has to be a faster/more direct way to get malicious URLs blocked by SafeLinks!

                      56 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        thinking about it  ·  0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                      • Make secure score available to partners

                        As a Partner I have access to the tenant of my clients. I'm not able to see the score of my clients tenant and check easily what changes need to be done and discuss this with my clients.
                        I can only do this when I have an separate admin account of the clients tenant.
                        Now with the integration of secure score into the compliance center shows a widget of the score but not the actions that needs to be taken. Please integrate the full secure score

                        56 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          4 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
                        • Office 365 quarantine report should have a link to view live quarantine

                          This is a simple feature to implement and my users were used to it with Appriver. My users get a report of their quarantined emails daily, that emailed report should have a link (https://admin.protection.outlook.com/quarantine) for the users to click to view their quarantined email at any time, so they don't have to wait a day.

                          54 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
                          • Option to use default folder structure for eDiscovery PST Export

                            I recently learned that the one of the only ways to move mailboxes from one tenant to another is to use the eDiscovery PST export tool and the PST Import tool. The problem is that the eDiscovery PST export tool places the default folders inside a folder called "Primary Mailbox". When this PST is imported into the new mailbox, all folders are placed inside this "Primary Mailbox" folder rather than being merged into the default folders. We had to manually move all folders to the root of the PST before importing the PST into the new mailbox. It would have…

                            53 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
                            • More Than 8-Character Minimum Password Requirement

                              Allow for the current 8-character minimum requirement to be changed to something longer (i.e. – 10 or 12). Allowing for an 8-character minimum password length ensures mostly that.

                              Changing character density from 8 to 10 characters increases offline resilience from less than a day to almost two (2) decades, and 12 characters to over a thousand centuries [ref: Gibson research Center’s ‘Haystack’ page - https://www.grc.com/haystack.htm ].

                              Allowing administrators the option of lifting this minimum not only forces users to create potentially more secure passwords, but also allows them to use them longer without needing to change them… potentially until there…

                              53 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
                              • Allow us to create alerts for sign in Failures and Successes based off of IP Geo Location. Alerts if log in success outside of country.

                                I would like to Create and alert if there are failed login attempts or successful login attempts from IP addresses originating outside of my City/State/Country.

                                Allow us to either white list IP addresses and alert for any not on the white list. Blacklist IP addresses and alert based off of just black list. Select Country regions and alert if selected countries IP addresses are the originating IP. Allow us to alert for only failures, only successes, or both.

                                53 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  5 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
                                • Have reasonable exceptions for Advanced Threat Protection rules

                                  None of the exception options currently in ATP make any sense, since they permanently exclude particular users. If I wanted to exclude particular users, groups, or domains, I just wouldn't purchase ATP licenses for them. To be useful, the exceptions would have to cover use cases where for the same recipient some messages could be excluded from scanning under certain "exceptional" circumstances. There is no reason to purchase an ATP license if I was just going to entirely exclude a user's email from being scanned.

                                  I had expected that by creating exceptions for certain DNS domains that I could exclude…

                                  53 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
                                  • enable the adjustment of time zone for message trace tool

                                    Hello.I suggest the Time zone on the message trace tool should be adjustable for administrators.This will enable the administrators to view mails trace in their local time as real time.

                                    Thank you

                                    52 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      5 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Create Content searches based on message ID, Time, and null/blank subjects.

                                      Employee's send out emails with no subjects all the time, however I am unable to add a null/blank subject as a condition in content search.

                                      I am also unable to content search or filter based off of message ID.

                                      There is also no time option, only date, as a search condition.

                                      This makes content searching for an email with no subject a huge pain.

                                      Please add the ability to create content searches based off of blank/null subjects, sent time between X and Y, and based off of message ID in the mail headers as an option.

                                      52 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Ability to apply multiple Branding Options for Office 365 Message Encryption

                                        Office 365 Message Encryption currently only provides the ability to specify one set of branding configurations (see https://technet.microsoft.com/en-us/library/dn569292.aspx). Large enterprises that have multiple entities need the ability to provide branding for each entity.

                                        For example, if Contoso was comprised of entities Fabrikam, Northwind, and ADatum, each entity should be able to specify it's own branding for OME.

                                        51 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                        • Extend the Audit Log to hold records for longer than ninety days

                                          The Audit Log's functionality in Office 365 is excellent but the logs are only held for ninety days rolling.

                                          Due to this we are having to look at third party solutions to export the logs automatically, but this would be much easier if you extended the logging period out to a much longer period - years would be better than months.

                                          51 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            6 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base