Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾ Check out the ideas others have suggested and vote on your favorites
◾ If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾ Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

  1. Office 365 quarantine report should have a link to view live quarantine

    This is a simple feature to implement and my users were used to it with AppRiver. My users get a report of their quarantined emails daily; that emailed report should have a link (https://admin.protection.outlook.com/quarantine) for the users to click to view their quarantined email at any time, so they don't have to wait a day.

    58 votes
    3 comments  ·  Spam & Phishing
    • provide proper controls to meet data retention requirements by blocking users from joining third party teams

      Many industries require the monitoring and retention of communications on sanctioned platforms like Teams. Things like the Investment Advisers Act (SEC rule 204-2) require that companies monitor and retain communication channels used by and for the business. Teams is a great communication tool, but lacks the controls to block users from being invited to outside teams (via their corporate sign-on!). Once a user joins another team they are bypassing all of the compliance / retention policies of their corporate tenant where their ID is owned and managed. This is so bizarre! Tenant restrictions do work (blocking sign-in as long as…

      58 votes
      0 comments
      • Advanced Threat Protection - SafeLinks - Create Submission Mechanism for False Positive Malicious Domains

        Advanced Threat Protection - SafeLinks - Create Submission Mechanism for False Positive Malicious Domains

        This idea would create a feedback / reporting mechanism for domains incorrectly tagged as malicious by the SafeLinks feature. We had an example of a partner domain that was tagged as malicious, had zero malware / good reputation / etc. (confirmed by Microsoft Support), and had no way to feed that information back into Microsoft for a review of the malicious domain list so it could be removed. Similar feedback mechanisms exist for false positive Spam and virus detections - URLs deserve the same treatment.

        57 votes
        4 comments  ·  Malware
        • include changes in journal rules as an activity alert in the Security and Compliance center

          Please consider adding changes in Journal Rules (Exchange) as an activity for alert in the Security and Compliance center. We have many customers who would find value in this.

          57 votes
          13 comments  ·  Compliance Manager
          • Introduce customisation to built in DLP rules (or allow exceptions to existing rules)

            We use DLP on email to assist in our PCI compliance. As an online payments provider, we often provide dummy credit card information to help our customers set up their APIs (typically 4444 3333 2222 1111). Unfortunately, despite this *not* being a valid card number, it triggers Microsoft's built-in "Credit Card" definition, resulting in 100s of false positives per week. We need to have this hard-coded as an exception to the "Credit Card" definition, or, better yet, allow definitions to be customised and/or excluded via the Admin portal.

            56 votes
            3 comments  ·  DLP & Transport Rules

              As Stan mentions below, this level of customization is certainly possible. There are many other tweaks you can perform based on your specific requirements. For example, you can only look for multiple cards together, or other identifying information like expiration dates. Please review the documentation and work with support as needed.

            • Add recipient (TO:) on Malware notifications

              Steps to reproduce
              ~ Step 1: Set Notification when Malware is detected ~
              1. In the Exchange admin center (EAC), navigate to Protection > Malware filter.
              2. Select the Default policy > Click the edit icon
              3. Click the Settings menu option. In the Administrator Notifications section, select the check boxes to Notify administrator about undelivered messages from internal senders and to Notify administrator about undelivered messages from external senders. Specify the email address.
              4. Click Save.

              ~ Step 2: Send a Malware mail ~
              Access https://www.andymillar.co.uk/blog/2007/12/06/testing-your-email-virus-scanner-with-eicar/ and enter email into the box. Click Email Me EICAR!

              ~ Step 3: Admin receives the Malware notification as…

              56 votes
              2 comments  ·  Malware
              • Create a web form to submit malicious links for ATP SafeLinks

                Allow users to submit links for known malicious sites that can be flagged as such by ATP SafeLinks.

                After a recent phishing message that included a malicious link that was not flagged as such by SafeLinks, I opened a Premier case and sent the link, and Premier sent it on to engineering. A couple hours later it was blocked by Safe Links.

                There has to be a faster/more direct way to get malicious URLs blocked by SafeLinks!

                56 votes
                thinking about it  ·  1 comment  ·  Malware
                • DLP report

                  We need to improve reporting for violations on DLP on Exchange. We need to extract a detailed report containing information related to the source of the violation. For example, if the violation comes from Exchange email we need source email and destination.

                  56 votes
                  5 comments  ·  DLP & Transport Rules
                  • enable the adjustment of time zone for message trace tool

                    Hello. I suggest the time zone on the message trace tool should be adjustable for administrators. This will enable the administrators to view mail traces in their local time as real time.

                    Thank you

                    56 votes
                    5 comments  ·  Message Trace
                    • Have reasonable exceptions for Advanced Threat Protection rules

                      None of the exception options currently in ATP make any sense, since they permanently exclude particular users. If I wanted to exclude particular users, groups, or domains, I just wouldn't purchase ATP licenses for them. To be useful, the exceptions would have to cover use cases where for the same recipient some messages could be excluded from scanning under certain "exceptional" circumstances. There is no reason to purchase an ATP license if I was just going to entirely exclude a user's email from being scanned.

                      I had expected that by creating exceptions for certain DNS domains that I could exclude…

                      55 votes
                      0 comments  ·  Spam & Phishing
                      • Enable TLS 1.3 support

                        Please enable TLS 1.3 support.
                        This will improve RTT times and improve privacy.

                        55 votes
                        0 comments  ·  Privacy
                        • A bug when creating a Retention Policy for Skype for Business in the O365 Admin portal

                          When creating the policy, the * means all, but it still forces you to select users to add to the retention policy.

                          53 votes
                          4 comments  ·  Advanced Security Management
                          • Exclude email accounts from DLP policies

                            We would like to set up a DLP policy to prevent emails being sent containing NI/SSN information, with the option for users to override. However, we use Zendesk for client tickets which, when picked up in the policy, the override is seen by Zendesk as an auto-response and suspends the ticket.

                            We tried to exclude email accounts related to Zendesk but it appears the options were only visible because we were set up for First Release content and the ability to exclude emails should not be possible.

                            Please could this be added so that specific email accounts can be excluded from the…

                            52 votes
                            4 comments  ·  DLP & Transport Rules
                            • Enable language support for Policy Tips in DLP/Security & Compliance

                              Need the possibility to have Policy Tips for DLP rules in multiple languages when created in Office 365 Security & Compliance (as you can do in Exchange Online Admin). The policy tip should match the language you have in Office. Now it's mixed with the static text in the Policy Tip and the custom text you have entered in the rule.

                              52 votes
                              5 comments  ·  DLP & Transport Rules
                              • Fix DMARC implementation to match the RFC7489 defined behaviour for p=reject and p=quarantine

                                Fix DMARC implementation to match the RFC 7489 defined behaviour for p=reject and p=quarantine.
                                Current behaviour: p=reject messages are quarantined???

                                52 votes
                                3 comments  ·  Spam & Phishing
                                • OneDrive Content search across Geos

                                  Currently, performing a content search of OneDrives across a multi-geo environment isn't possible; it only searches the default Geo, not satellite Geos. If you create a security compliance filter targeted at your satellite geo and put the eDiscovery person in the role, then they can search that satellite geo. Please update OneDrive content search to search across geos the same way that an Exchange mailbox search works, without requiring adding/removing them from security compliance filters. (This workaround was the result of working with Microsoft Premier support, so it's legit.)

                                  51 votes
                                  0 comments  ·  eDiscovery
                                  • End-user Spam Notifications by User or Group

                                    Have the ability to configure End-User Spam Notification by User or by Group. Currently we use a 3rd product to handle spam blocking and it sends a daily email with a list of blocked spam. Not all of our users care to receive this email so we would like to be able to control this feature within Office 365 but have the ability to configure which users want to receive the daily spam list or not. Currently Office 365 only lets this be done by domain names. The ability to control who gets these notifications should be able to be…

                                    50 votes
                                    0 comments  ·  Spam & Phishing
                                    • granular audit logging

                                      We are a hospital and we need granularity on, if an account got breached, the timestamp of when the email was last previewed/read/deleted or moved.

                                      50 votes
                                      0 comments  ·  Auditing
                                      • E-mail (OWA) Access alert to user as well as Admin from Non-Regular-Machine

                                        If a user tried to access mail from a non-regular machine, I think it's better that an alert be sent to the user as well as Admin. Based on the user or Admin confirmation, mail has to be accessible; otherwise it has to be blocked temporarily (restricted), and it would be better if we get the access location also.

                                        49 votes
                                        9 comments  ·  Advanced Security Management
                                        • Allow Security and Compliance Features to be scoped

                                          Features such as eDiscovery, legal holds and message tracking that have moved into the Security and Compliance center are not able to be scoped, i.e. delegated admins can search all mailboxes instead of the mailboxes within the domains that they have access to.

                                          48 votes
                                          1 comment