Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Branding Quarantine notification mail and scheduling when notification goes out


    1. It would be nice if you could extend some of the company branding to the quarantine notification email. Add in a logo and maybe some contact info for the helpdesk or whomever. Also the ability to add a link to the quarantine site so they can manage more than one message if they so choose.


    2. Other anti spam providers allow you to schedule when the quarantine message goes out. It's nice to be able to set it to arrive in the users mailbox around the time they arrive. This way they have the latest and greatest.


    81 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Retention Policy - Office 365 Groups - Separate Deletion settings for Exchange & SharePoint workload

    Retention Policies for Office 365 Groups currently treat all resources the same (i.e. Exchange and SharePoint). We need the ability to configure email items to delete after X years, but not delete documents stored on SharePoint.

    80 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add search for failed login attempts to Audit Log Search

    Right now the audit log search allows for searching user sign-ins but not failed login attempts. This can be accessed by exporting the events but having that feature available in the search would make it more convenient to get an at-a-glance view of failed attempts and the IP addresses that are attempting to get access. This is not to say I don't trust Microsoft's ability to detect suspicious logins; it's more for our own situational awareness of where *********** attempts are coming from.

    80 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Exclude email accounts from DLP policies

    We would like to setup a DLP policy to prevent emails being sent containing NI/SSN information, with the option for users to override. However, we use Zendesk for client tickets which, when picked up in the policy, the override is seen by Zendesk as a auto-response and suspends the ticket.

    We tried to exclude email accounts related to Zendesk but it appears the options were only visible because we were setup for First Release content and the ability to exclude emails should not be possible.

    Please could this be added so that specific email accounts can be excluded from the…

    80 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  5. We do cannot trace emails based on Subject

    We do cannot trace emails based on Subject , specially when we are dealing with SPAM emails that got delivered to almost all users

    79 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  6. Need to have the limit of 100 site collections increased for inclusion/exclusion in a retention policy.

    Need to have the limit of 100 site collections increased for inclusion/exclusion in a retention policy. To meet business requirements where they may be thousands of site collections but not all require the same retention policy, this is very limiting limit.

    79 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  7. Retention Labels - Time Left - Report all files with label

    Hi,

    Would it be possible to have a report system or dahsboard, which would report on Time left of the retention period for all items or even just files that have a particualar label applied that the user has created.

    For example. A calculated column that shows the item, location, retention/deletion, time remaining before it happens, based on whether it was, either labeled, created, last modifed. (hope it makes sence)

    Currently you have to use the 'content search' area [search and investigation] and do the calculations there within excel on any given report.

    see the post here for some more…

    78 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  8. enable tls 1.3 support

    please enable tls 1.3 support.
    This will improve rtt times and improve privacy.

    78 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    working on it  ·  1 comment  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add support for CAA records in DNS panel

    I'd very much like to see support for CAA records in the future =).
    See https://support.dnsimple.com/articles/caa-record/

    The check for this record is going to be mandatory with September 2017. The security of all our certificates and domains would be greatly improved if we could set this record :)

    77 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. dlp report

    We need to improve reporting for violations on DLP on exchange. We need to extract a detailed report containing information related to the source of the violation. For example, if the violation comes from exchange email we need source email and destination.

    76 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  11. Create DLP Policy Based on Sensitivity Label

    Create a DLP Policy where you can add the Sensitive Label on it because currently, only Sensitive info type and Retention Label can be added

    76 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  12. Option to use default folder structure for eDiscovery PST Export

    I recently learned that the one of the only ways to move mailboxes from one tenant to another is to use the eDiscovery PST export tool and the PST Import tool. The problem is that the eDiscovery PST export tool places the default folders inside a folder called "Primary Mailbox". When this PST is imported into the new mailbox, all folders are placed inside this "Primary Mailbox" folder rather than being merged into the default folders. We had to manually move all folders to the root of the PST before importing the PST into the new mailbox. It would have…

    75 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow dynamic retention policy based on group membership

    The below is too great a restriction and renders the retention policy useless.

    Groups selection confirmation

    The specified groups will be expanded so that an In-Place Hold can be put on the mailboxes in these groups. Only the mailboxes that are currently members of these groups will be placed on hold. Mailboxes added to or removed from these groups won't be added or removed from this hold. After setting the group for the location, the new member changes for this group will not auto apply to this location settings. Do you want to expand these groups?

    75 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  14. Email notification of Quarantined Emails for Admins

    In addition to the below feature, quarantine should have an email notification for Admins (option or to be enabled) so that they can review and can release or delete accordingly via a link that is included in the email. Cannot rely on end user to release...

    ————-
    Share: Updated feature: Email quarantine capabilities

    74 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. Audit Log Functionality for New Inbox / Forwarding Rule / Mass Failed Logins

    As a support provider I've seen an influx of fraudulent access cases. I would like to see an audit log option (and alert) for Inbox and Forwarding Rules as well as for Mass Failed Logins.
    I know that for E5 and Advanced Security Management subscribers they can create something for failed logins but with this becoming more common place I think the people would appreciate this functionality.

    71 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow users to migrate their Microsoft accounts to Office 365

    When a firm establishes an Office 365 tenant, they should have the option to allow users to migrate their existing Microsoft Account identities to the company account. This should migrate their existing OneDrive and other consumer data to the corporate account as well as "merge" the identities so access given to other Office 365 tenants' SharePoint and other sites transfers over. Users could also opt not to migrate, in which case they should be required to "vacate" the company domain and migrate to an outlook.com or other consumer branded domain, much like the old Lync/OCS federation process that took place…

    70 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow journaling into Office 365 mailbox

    Either sell a separate Journaling license if it is more expensive to keep journal on Office 365 and price the license according to data amounts like $10 per 100GB/month. Or have an option to put Litigation hold on all mail traffic going through the tenancy. Currently only mailboxes with licenses assigned can have litigation hold so getting those licenses for all shared mailboxes would help a little but would be very costly as shared mailboxes will not need the office or any other licensed features. Even when licensing all shared and user mailboxes, that would not keep the mail that…

    69 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  18. Delegate Audit Log access by Activity Type

    Please add the ability to delegate read-access to audit logs by Activity type. For example, access to just "Power BI activities" audit logs, or "Microsoft Teams activities" audit logs.

    This would be useful as different groups within IT manage the usage of different O365 services, yet they have to be given access to all or nothing.

    68 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Office Message Encryption - Link instead of HTML attachment

    Enable encryption to be a link in the body of the message instead of an attachment. Many filters block html attachments.

    68 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  20. provide proper controls to meet data retention requirements by blocking users from joining third party teams

    Many industries require the monitoring and retention of communications on sanctioned platforms like teams. Things like the investment advisers act (SEC rule 204-2) require that companies monitor and retain communication channels used by and for the business. Teams is a great communication tool, but lacks the controls to block users from being invited to outside teams (via their corporate sign-on!). Once a user joins another team they are bypassing all of the compliance / retention policies of their corporate tenant where their ID is owned and managed. This is so bizarre! Tenant restrictions do work (blocking sign-in as long as…

    68 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base