Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. incident

    Fix ATP Threat Explorer Incident Reporting

    We would like to use ATP Threat Explorer to mitigate phishing messages coming into our environment. The incident reporting does not build confidence in the tool. As an example I recently used it to hard delete 6 messages from our environment. The incident report did not give data for two full days. When it did, it reported status "Failed". However, looking at the report details, all six messages show hard delete status "Success", with no failures. Accurate and timely reporting of incident results will build confidence in the ATP Threat Explorer tool.

    63 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  2. enable tls 1.3 support

    please enable tls 1.3 support.
    This will improve rtt times and improve privacy.

    62 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow O365 Activation when UseOnlineContent is Set to 0

    Below describes the function of the policy. However, setting to 0 blocks Activation. Please change this to allow a value of 0 to allow activation but still block online services.

    Set the value of UseOnlineContent to one of the following (To remove the connected services, set the value as 0. To recover the connected services, set the value as 2):
    UseOnlineContent value Value type Description

    0 DWORD Do not allow user to access Office 2016 resources on the Internet.

    1 DWORD Allow user to opt in to access of Office 2016 resources on the Internet.

    2 DWORD (Default) Allows the…

    61 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow users to migrate their Microsoft accounts to Office 365

    When a firm establishes an Office 365 tenant, they should have the option to allow users to migrate their existing Microsoft Account identities to the company account. This should migrate their existing OneDrive and other consumer data to the corporate account as well as "merge" the identities so access given to other Office 365 tenants' SharePoint and other sites transfers over. Users could also opt not to migrate, in which case they should be required to "vacate" the company domain and migrate to an outlook.com or other consumer branded domain, much like the old Lync/OCS federation process that took place…

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Ability to apply multiple Branding Options for Office 365 Message Encryption

    Office 365 Message Encryption currently only provides the ability to specify one set of branding configurations (see https://technet.microsoft.com/en-us/library/dn569292.aspx). Large enterprises that have multiple entities need the ability to provide branding for each entity.

    For example, if Contoso was comprised of entities Fabrikam, Northwind, and ADatum, each entity should be able to specify it's own branding for OME.

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. Option to use default folder structure for eDiscovery PST Export

    I recently learned that the one of the only ways to move mailboxes from one tenant to another is to use the eDiscovery PST export tool and the PST Import tool. The problem is that the eDiscovery PST export tool places the default folders inside a folder called "Primary Mailbox". When this PST is imported into the new mailbox, all folders are placed inside this "Primary Mailbox" folder rather than being merged into the default folders. We had to manually move all folders to the root of the PST before importing the PST into the new mailbox. It would have…

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow the ability to delete a retention label definition in S&C Center if 'Record' classification

    If you've created a retention label in the Security & Compliance Center and have checked the 'Use label to classify content as a "Record"' checkbox, I would like the ability to delete the label under certain circumstances. If I've never used it, it's not published in any policy, I should be able to delete it. I've set up several "test" labels with this checkbox checked and there is no way (either thru the UI or thru PowerShell) to delete the label definition. Example: if you create a retention label and select the 'record' checkbox, save it and then immediately try…

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Advanced Threat Protection (ATP) - Allow to create custom malware alert notifications

    We need send a customized notification email message to recipients or administrators when a malware was detected by Safe Attachments.

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  9. increased logging capabilities

    When a standard user logs into Office 365 (SharePoint Online, Exchange Online, etc.) reporting should also include the following:

    Login Username
    Microsoft Office 365 IP
    User/Client IP
    User-Agent
    Success/Failure of Login

    This will allow security folks to monitor for compromised accounts, as well as help with compliance.

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Office 365 quarantine report should have a link to view live quarantine

    This is a simple feature to implement and my users were used to it with Appriver. My users get a report of their quarantined emails daily, that emailed report should have a link (https://admin.protection.outlook.com/quarantine) for the users to click to view their quarantined email at any time, so they don't have to wait a day.

    59 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Block spoofing messages even when the source is a trusted relay in another tenant.

    We have discovered if an e-mail is sent through a relay trusted in one tenant, that message will be delivered as not-spam to any other O365 tenant regardless of sender address and SPF records. This seems like a large gap in the service, for example; if one client machine was to get compromised that machine could send any number of messages from any source address through the relay and they would automatically be trusted and delivered to any mailbox using EOP or Exchange Online.

    We would like to see these messages at least checked against SPF records at the receiving…

    59 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. Introduce customisation to built in DLP rules (or allow exceptions to existing rules)

    We use DLP on email to assist in our PCI compliance. As an online payments provider, we often provide dummy credit card information to help our customers set up their APIs (typically 4444 3333 2222 1111). Unfortunately, despite this *not* being a valid card number, it triggers Microsoft's built in "Credit Card" definition resulting in 100s of false positives per week. We need to have this hard coded as an exception to the "Credit Card" definition, or, better yet, allow definitions to be customised and/or excluded from via. the Admin portal.

    59 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →

    As stan mentions below, this level of customization is certainly possible. There are many other tweaks you can perform based on your specific requirements. For example, you can only look for multiple cards together, or other identifying information like expiration dates. Please review the documentation and work with support as needed.

  13. Allow alteration to the global Azure AD Password Policy (complexity, length, etc)

    Force special characters in Azure AD password Policy

    I would like the ability to force more complex passwords without the need for a Dirsynced server. The default password policy for the global profile in Azure AD is not strong enough, and I would like some better options for length, complexity and special character requirements.

    59 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Ability to limit access to Online Archive by Client Location

    We'd like the ability to limit access for users to their O365 Online Archives by client location/IP.

    For example, if the user is connected to the corporate network, their online archive should be accessible through Outlook. If the user is away, working from home, etc, the online archive is not available/accessible.

    Whilst we have security measures in place (like MFA) for accounts if a user's credentials are stolen, the most common access would be via OWA from an external location/IP. By archiving (moving) old/sensitive email to the online archive, and restricting access by location, we could effectively limit the amount…

    58 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. provide proper controls to meet data retention requirements by blocking users from joining third party teams

    Many industries require the monitoring and retention of communications on sanctioned platforms like teams. Things like the investment advisers act (SEC rule 204-2) require that companies monitor and retain communication channels used by and for the business. Teams is a great communication tool, but lacks the controls to block users from being invited to outside teams (via their corporate sign-on!). Once a user joins another team they are bypassing all of the compliance / retention policies of their corporate tenant where their ID is owned and managed. This is so bizarre! Tenant restrictions do work (blocking sign-in as long as…

    58 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Alert Policy for Inbox Rule Creation/Deletion/Modification

    Currently O365 has an alert for forwarding/redirect rule within Security and Compliance Center. Considering that most phishing campaigns are crafted with someone setting up Inbox rules to move messages to another folder which are monitored, creating a man-in-the-middle attack. It would benefit tremendously to be alerted whenever a user creates/deletes/modify an inbox rule to prevent attacks before they happen.

    58 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. include changes in journal rules as an activity alert in the Security and Compliance center

    Please consider adding changes in Journal Rules (Exchange) as an activity for alert in the Security and Compliance center. We have many customers who would find value in this.

    57 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    13 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add recipient (TO:) on Malware notifications

    ΦSteps to reproduce
    ~Step 1:Set Notification when Malware is detected~
    1. In the Exchange admin center (EAC), navigate to Protection > Malware filter.
    2. Select the Default policy > Click the edit icon
    3. Click the Settings menu option. In the Administrator Notifications section, select the check boxes to Notify administrator about undelivered messages from internal senders and to Notify administrator about undelivered messages from external senders. Specify the email address.
    4. Click Save.

    ~ Step 2:Send a Malware mail~
    Access https://www.andymillar.co.uk/blog/2007/12/06/testing-your-email-virus-scanner-with-eicar/ and enter email into the box. Click Email Me EICAR!

    ~ Step 3:Admin receives the Malware notification as…

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  19. Create a web form to submit malicious links for ATP SafeLinks

    Allow users to submit links for known malicious sites that can be flagged as such by ATP SafeLinks.

    After a recent phishing message that included a malicious link that was not flagged as such by SafeLinks, I opened a Premier case and sent the link, and Premier sent it on to engineering. A couple hours later it was blocked by Safe Links.

    There has to be a faster/more direct way to get malicious URLs blocked by SafeLinks!

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    thinking about it  ·  1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  20. End-user Spam Notifications by User or Group

    Have the ability to configure End-User Spam Notification by User or by Group. Currently we use a 3rd product to handle spam blocking and it sends a daily email with a list of blocked spam. Not all of our users care to receive this email so we would like to be able to control this feature within Office 365 but have the ability to configure which users want to receive the daily spam list or not. Currently Office 365 only let this be done by domain names. The ability to control who gets these notification should be able to be…

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base