Have a built-in dashboard or report summary for business justifications and false positives that users write to override a policy tip. Otherwise there is very little proper management and consolidated of business justifications / false positives which is needed to properly access the effectiveness of the policy tip and the actual compliance of users. Also, enable sending of incident report to user's manager or compliance officer so that relevant flags are sent to the relevant people [Ticket #:14230735]

I am informed by a support ambassador that the recent email my tenants are receiving allows a scrip[t to run that will extract the username and password from outlook giving the malicious sender access to that account if the user clicks on the link in the email.
if this is true, then this is a serious security breach and needs to be patched immediately!!!! my tenants are being hacked justifiably at their own doing by not recognizing the potential hack, but this should not be possible. period!!

Please make sure that all the current capabilities of the "old" OME are present also in OMEv2 before decomissioning the old version.

We have a case where a third-party application sends and receives mail that may contain sensitive customer data.

We can enforce TLS between the application and Office 365, but not between Office 365 and recipient. The application needs to be able to process replies, thus they need to be in the clear when arriving at the application input.

This is possible in the old OME but not OMEv2. Thus, we cannot move to OMEv2.

Office 365 Support Help staff currently use Logmein as a tool for screen sharing with customers and for tech support. Our company has locked that tool from being used for security reasons. Can Microsoft provide another option? We tried to use Skype for Business but Support won't pass out a email address - so we cannot schedule a call and use that tool. Need some other options.

have the exchange online audit trail include events for granting/revoking 'send as' and 'send on behalf of' mailbox delegation permissions

It's all in the title. Your service should not be trying to use such a certificate. Maybe check to see if a server has been taken over.

This seems to happen about once ever 3 weeks or so.

Foreign phishers, of which most seem to be, cannot master the idiosyncrasies of American vernacular and they even struggle with basic grammar and spelling. Since they are usually posing as legitimate American companies or professional individuals, create a machine learning engine that understands American vernacular then sanity check emails for violations of the learned rules of the vernacular. Microsoft likely already has a usable machine learning capaability already (bot Tay for example). Time to stop playing with that technology and start using it!

This sucks! I didn’t ask for nor do I want this service! I haven’t been able to access websites that I have trusted for years and I am mad as ****!

ATPを検知した際の動作に [モニター]などに加え、[件名行の先頭にテキストを追加する] をできるようにしたい
トランスポートルールにて、ATPにて検知された特定の拡張子のファイルをバイパスする方法ならあるが、検知したATPすべてに対して[件名行の先頭にテキストを追加する] を設定したい

I've entered a bug issue (bug in new Office security feature), providing the details, and NO ONE has responded in any way. I was told that these issues are reviewed by the Office Dev Team.

I need a response NOW. Customer sites are broken.

The Search Activities within the 'Audit L:og Search' differ from the 'Activities' that are listed as results.

External user are able to see email addresses using generic link: https://<tenant>-my.sharepoint.com/_forms/default.aspx.

The email address appears in the body of the warning screen provided by the above link. Besides the email address, in the warning screen also appears the source link which can be modified by changing the UserID parameter. In this way, a user can generate the full list of email addresses registered in the corresponding site collection.

This is considered a security breach in the perspective of some industries and also GDPR regulations.

I am trying to get our users to hover over email links to check where they really go.

This hovering doesn't show the URL in OWA!

When a message is tagged as potential spam, spoof, etc allow the viewer to respond if it is spam, spoof, etc while viewing the email and use responses to make the identification process smarter (positive responses could cause tagging criteria to be updated).

When a user chooses to override a DLP rule and needs to give a business justification the get prompted with in Swedish "Jag har en affärsjustering" ("I have a business justification" in English). I'm not even sure if "affärsjustering" is a word so it's not a very good translation. It's not an easy sentence to translate correctly but the words "berättigande, rättfärdigande, anledning or motivering" is better translation of "Justification" and a change of the translation should be considered.

When releasing emails from the Quarantine, if the "to other recipients" option is chosen and left blank (which the tool allows) email is released to all recipients. There is no notification nor documentation about this. If I am choosing "other people" there is a clear intention not to release to original recipients.