Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. enable tls 1.3 support

    please enable tls 1.3 support.
    This will improve rtt times and improve privacy.

    84 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    working on it  ·  1 comment  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  2. Remove Limit of 60 users for New Anti-Phishing Policy

    Why is there a limit of 60 users that can be added to the new Anti-Phishing Policy? I would expect to have this very important feature available to ALL of our O365 users. Please remove this limitation so that we can add ALL of our O365 users to this new Anti-Phishing Policy

    83 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Quarantine notification emails: please change it back.

    The new Quarantine notification emails are not useful.
    The layout is very inefficient with screen real estate and difficult to read on a computer, and unreadable on a smartphone.
    Also, end users need the ability to release valid emails directly from the Notification message on a smartphone, instead of forcing them to log into the Quarantine web page (which is also unusable on a smartphone).

    83 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. A bug when creating a Retention Policy for Skype for Business in the O365 Admin portal

    When creating the policy, the * means all, but it still forces you to select users to add to the retention policy.

    81 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Microsoft Authenticator needs to display the machine / device name, application and location

    When Microsoft Authenticator pops up on your phone there is no indication of what device is requesting the authentication. It would be much better if the machine or device name, application and location was shown so that you know you are verifying a request that you have made

    81 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Report Message Add-in for GCC

    Seems pretty odd that the report message add-in doesn't work in government tenants. It is definitely something that should be enabled.

    81 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. spam filter allowed and blocked sender limit

    Please remove Safe and Blocked Sender Limit. There should be an option to add unlimited allowed and blocked list sender and domains. Existing spam protection does not block most of emails.

    78 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Enable DKIM for Office 365 Home with custom email domain

    The Office 365 Home subscription allows you to use your your own email domain. However, there is no option to enable DKIM and without it, outgoing email often ends up in the recipient's Spam folder, making the custom email domain capability useless.

    Please expose the DKIM setting on the UI for O365 Home subscribers.
    The feature itself is already implemented and available in the Business edition, but requires the Admin panel which does not exist in Office 365 Home.

    https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/38177803-enable-dkim-for-office-365-home-with-custom-email

    77 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. Fixing DBEB to work with Dynamic Distrbution Lists, or disable DBEB by default.

    Fixing DBEB to work with Dynamic Distrbution Lists, or disable DBEB by default. I've been working with MS tech support for a week now trying to figure out why our Dynamic Distribution Lists have all of a sudden stopped working remotely. They said it is because we are using "Authoritative" domains (which are default) and by default DBEB is enabled, which does NOT allow Dynamic Distribution Groups to work from the outside. The tech support team I've been working with says MS has no plans on fixing this and in order to disable DBEB, we have to contact them so…

    77 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add MailboxLogin as a default action for Mailbox Owner Auditing

    I would like to see MailboxLogin added to the list of default actions that are audited for the mailbox owner. I realize it can be added separately; however, you will not receive updates to the default actions in the future if you make any changes and you would have to script this to enable it for any new mailbox that is created afterwards. I want to accept the default settings and not have to periodically review/add new actions. I don't understand why this is not included in the default action list for owner.

    77 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow users to migrate their Microsoft accounts to Office 365

    When a firm establishes an Office 365 tenant, they should have the option to allow users to migrate their existing Microsoft Account identities to the company account. This should migrate their existing OneDrive and other consumer data to the corporate account as well as "merge" the identities so access given to other Office 365 tenants' SharePoint and other sites transfers over. Users could also opt not to migrate, in which case they should be required to "vacate" the company domain and migrate to an outlook.com or other consumer branded domain, much like the old Lync/OCS federation process that took place…

    76 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Fix the Unusual Volume of File Deletion Alert

    Our Office 365 tenant is generating 20+ of these alerts to our admins every day and every time we investigate, it is always the same story, the user is cleaning out old files or moving them from OneDrive to SharePoint. This alert needs some serious attention or organizations affected will just disable it.

    76 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. Coded redactions in Advanced eDiscovery

    The redaction on the document gets a Code (i.e. where AeD masks with the word “REDACTED”, code would be stamped instead) A given document can have multiple redaction reasons, so each reason has its own code, i.e. multiple redaction labels on the document. Additionally, a log must also accompany the disclosure stating which documents are redacted and the code/reason for the redaction.

    73 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  14. Secure Score - MFA with conditional access is not counted

    Secure Score - MFA with conditional access is not counted.
    The system recognizes only full MFA while it was set as encofrece

    73 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  15. Audit Log Functionality for New Inbox / Forwarding Rule / Mass Failed Logins

    As a support provider I've seen an influx of fraudulent access cases. I would like to see an audit log option (and alert) for Inbox and Forwarding Rules as well as for Mass Failed Logins.
    I know that for E5 and Advanced Security Management subscribers they can create something for failed logins but with this becoming more common place I think the people would appreciate this functionality.

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow journaling into Office 365 mailbox

    Either sell a separate Journaling license if it is more expensive to keep journal on Office 365 and price the license according to data amounts like $10 per 100GB/month. Or have an option to put Litigation hold on all mail traffic going through the tenancy. Currently only mailboxes with licenses assigned can have litigation hold so getting those licenses for all shared mailboxes would help a little but would be very costly as shared mailboxes will not need the office or any other licensed features. Even when licensing all shared and user mailboxes, that would not keep the mail that…

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Raise limit for specific inclusion / exclusion policies for retention and deletion

    A retention policy for specific inclusions / exclusions can contain no more than 1,000 mailboxes and 100 site collections. A tenant can contain no more than 10,000 retention policies. Our organizational entities are more than the limits, which blocks us from using this feature. See: https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  18. Enable message trace log forwarding to on prem storage or SIEM solution.

    message trace should be forwarded and stored to external sources so that same can be used and leverage for security analysis and other purposes.

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  19. provide proper controls to meet data retention requirements by blocking users from joining third party teams

    Many industries require the monitoring and retention of communications on sanctioned platforms like teams. Things like the investment advisers act (SEC rule 204-2) require that companies monitor and retain communication channels used by and for the business. Teams is a great communication tool, but lacks the controls to block users from being invited to outside teams (via their corporate sign-on!). Once a user joins another team they are bypassing all of the compliance / retention policies of their corporate tenant where their ID is owned and managed. This is so bizarre! Tenant restrictions do work (blocking sign-in as long as…

    71 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Stop using the Spamhaus PBL on mail submitted by *authenticated* inbound connections

    I understand this is a duplicate of the below ticket, but MS is being particularly short sighted with the problems this causes:
    https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/20382373-stop-using-the-spamhaus-pbl-and-xbl-blocklists-on

    As per SpamHaus PBL description:
    THE PBL IS NOT A BLACKLIST. You are not listed for spamming or for anything you have done. The PBL is simply a list of all of the world's dynamic IP space, i.e: IP ranges normally assigned by ISPs to broadband customers routers/modems (DSL, DHCP, PPP, cable, dialup). It is perfectly normal for these IP addresses to be listed on the PBL. In fact all dynamic IP addresses in the world should…

    71 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base