Enable encryption to be a link in the body of the message instead of an attachment. Many filters block html attachments.

Currently office365 has a messaging limit of 30 per minute. It would be idial to have this increased to maybe at least 50 per minute.

Employee's send out emails with no subjects all the time, however I am unable to add a null/blank subject as a condition in content search.

I am also unable to content search or filter based off of message ID.

There is also no time option, only date, as a search condition.

This makes content searching for an email with no subject a huge pain.

Please add the ability to create content searches based off of blank/null subjects, sent time between X and Y, and based off of message ID in the mail headers as an option.

As a support provider I've seen an influx of fraudulent access cases. I would like to see an audit log option (and alert) for Inbox and Forwarding Rules as well as for Mass Failed Logins.
I know that for E5 and Advanced Security Management subscribers they can create something for failed logins but with this becoming more common place I think the people would appreciate this functionality.

I'd very much like to see support for CAA records in the future =).
See https://support.dnsimple.com/articles/caa-record/

The check for this record is going to be mandatory with September 2017. The security of all our certificates and domains would be greatly improved if we could set this record :)

Adding Preservation Policies for Sharepoint and OneDrive is to time consuming. There needs to be an easier option to preserve all users drives and SharePoint Sites.

The current wizard is 9 pages and you need to have the exact address of the users site to add each one. It would take months for me to add all of my users in this way.

Preservation policies for Mailboxes at least let you search and select all to add them, so it would take considerably less time to complete. That would be at least a modest improvement.

Fix ATP Threat Explorer Incident Reporting

We would like to use ATP Threat Explorer to mitigate phishing messages coming into our environment. The incident reporting does not build confidence in the tool. As an example I recently used it to hard delete 6 messages from our environment. The incident report did not give data for two full days. When it did, it reported status "Failed". However, looking at the report details, all six messages show hard delete status "Success", with no failures. Accurate and timely reporting of incident results will build confidence in the ATP Threat Explorer tool.

My organisation is using a 3rd party mail gateway in front of Office 365. However we have discovered that sending emails directly to the aliases: @<domain>.mail.onmicrosoft.com and @<domain>.onmicrosoft.com bypasses our mail gateway allowing malicious emails through.

It should be made clear that these aliases should be locked down either by a transport rule or by being able to change the MX records, the latter not being possible at this time.

I would like to Create and alert if there are failed login attempts or successful login attempts from IP addresses originating outside of my City/State/Country.

Allow us to either white list IP addresses and alert for any not on the white list. Blacklist IP addresses and alert based off of just black list. Select Country regions and alert if selected countries IP addresses are the originating IP. Allow us to alert for only failures, only successes, or both.

We need send a customized notification email message to recipients or administrators when a malware was detected by Safe Attachments.

The Audit Log's functionality in Office 365 is excellent but the logs are only held for ninety days rolling.

Due to this we are having to look at third party solutions to export the logs automatically, but this would be much easier if you extended the logging period out to a much longer period - years would be better than months.

As a Partner I have access to the tenant of my clients. I'm not able to see the score of my clients tenant and check easily what changes need to be done and discuss this with my clients.
I can only do this when I have an separate admin account of the clients tenant.
Now with the integration of secure score into the compliance center shows a widget of the score but not the actions that needs to be taken. Please integrate the full secure score

When a standard user logs into Office 365 (SharePoint Online, Exchange Online, etc.) reporting should also include the following:

Login Username
Microsoft Office 365 IP
User/Client IP
User-Agent
Success/Failure of Login

This will allow security folks to monitor for compromised accounts, as well as help with compliance.

This is a simple feature to implement and my users were used to it with Appriver. My users get a report of their quarantined emails daily, that emailed report should have a link (https://admin.protection.outlook.com/quarantine) for the users to click to view their quarantined email at any time, so they don't have to wait a day.

Office 365 Message Encryption currently only provides the ability to specify one set of branding configurations (see https://technet.microsoft.com/en-us/library/dn569292.aspx). Large enterprises that have multiple entities need the ability to provide branding for each entity.

For example, if Contoso was comprised of entities Fabrikam, Northwind, and ADatum, each entity should be able to specify it's own branding for OME.

Please consider adding changes in Journal Rules (Exchange) as an activity for alert in the Security and Compliance center. We have many customers who would find value in this.

Currently users with the ediscovery role can run search for content and download that content. Using the New-ComplianceSearchAction -purge -softdelete you can delete this content (which we use for deleting spam or malware emails out of mailboxes). We do not want our security operations team to use powershell to complete these deletes so we have to write a gui to provide this functionality. Please enable the ability to complete deletes within the SCC itself