1. It would be nice if you could extend some of the company branding to the quarantine notification email. Add in a logo and maybe some contact info for the helpdesk or whomever. Also the ability to add a link to the quarantine site so they can manage more than one message if they so choose.




2. Other anti spam providers allow you to schedule when the quarantine message goes out. It's nice to be able to set it to arrive in the users mailbox around the time they arrive. This way they have the latest and greatest.

Want to bring network location-based conditional access policy to not only SharePoint but also the whole of office365.

I have a requirement from a large customer (85K users) that needs to be able to perform eDiscovery collections for specific Outlook folders. We can do date range and Full Mbx collections, but not specific folders. This was possible on-premises, but not in Exchange Online ????

Safelinks currently requires you enter each url you'd like to allow through. I'd like to have safelinks allow a wildcard domain. for instance we get many emails from our own systems pointing to internal urls. sometimes those emails get distorted because the url's are listed in plain text and replaced with the safelink.

I'd like to allow wildcard https://.mydomain.com/ to allow domains such as web.mydomain.com/page and test.mydomain.com/stuff to go through with by making one simple rule vs theoretically hundreds.

When a retention label duration is based on the date the label is applied, the retention period may not be changed. It can be changed if the Created or last modified is chosen. This is impacting our ability to use the retention policies as they need to be active from the date of application with the capability to change duration in the future.

I'd very much like to see support for CAA records in the future =).
See https://support.dnsimple.com/articles/caa-record/

The check for this record is going to be mandatory with September 2017. The security of all our certificates and domains would be greatly improved if we could set this record :)

Fix DMARC implementation to match the RFC 7489 defined behaviour for p=reject and p=quarantine.
Current behaviour p=reject messages are quarantined???

I would like to Create and alert if there are failed login attempts or successful login attempts from IP addresses originating outside of my City/State/Country.

Allow us to either white list IP addresses and alert for any not on the white list. Blacklist IP addresses and alert based off of just black list. Select Country regions and alert if selected countries IP addresses are the originating IP. Allow us to alert for only failures, only successes, or both.

Currently Directory Based Edge Blocking Feature in EOP does not support Mail Enabled Public Folders and Dynamic Distribution Groups. If customer have any of these recipient types then they have to disabled DBEB for receiving external emails routed to tenant through EOP. It will be great if we can provide an interface to manage DBEB to which customer can explicitly add recipients which are picked up by EOP. This will be very helpful for standalone EOP customer who would want to use DBEB feature to thwart Directory based harvest attacks

The Report Message add in is great, but there is a limitation around not supporting additional mailboxes (shared\functional). Would be great if this add-in could support additional mailboxes as well as the primary mailbox.

When an account compromise happens, the majority of times the threat actor will create a new-inboxrule to hide their activity. Currently when new-inboxrules are created there is no logging for the Creation Date via powershell cmdlet. If we could get this logged, it would help tremendously with account compromises. Also adding a historical rule creation view for past 90 days would be beneficial as well.

Right now the audit log search allows for searching user sign-ins but not failed login attempts. This can be accessed by exporting the events but having that feature available in the search would make it more convenient to get an at-a-glance view of failed attempts and the IP addresses that are attempting to get access. This is not to say I don't trust Microsoft's ability to detect suspicious logins; it's more for our own situational awareness of where *********** attempts are coming from.

Third party spam filters, such as the offerings from Barracuda, MXLogic, and many others, have the ability to allow administrators to force re-delivery of messages that may have failed due to either a restrictive rule or a SMTP alias that did not exist for a recipient (typically true with migrations from non-Exchange based systems).

It would be highly beneficial to admins to have this control and allow for forced re-delivery of messages as necessary.

Need to have the limit of 100 site collections increased for inclusion/exclusion in a retention policy. To meet business requirements where they may be thousands of site collections but not all require the same retention policy, this is very limiting limit.

Please add the ability to delegate read-access to audit logs by Activity type. For example, access to just "Power BI activities" audit logs, or "Microsoft Teams activities" audit logs.

This would be useful as different groups within IT manage the usage of different O365 services, yet they have to be given access to all or nothing.

Allow Message search by Subject in Mail Flow in addition to ECompliance & Discovery and allow an export to CSV.

Why is there a limit of 60 users that can be added to the new Anti-Phishing Policy? I would expect to have this very important feature available to ALL of our O365 users. Please remove this limitation so that we can add ALL of our O365 users to this new Anti-Phishing Policy