Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow more than a single transport rule for OME

    Recently, I created a DLP Transport Rule for Office 365 using the US Financial Data Services as a template and the transport rule action was to Apply Office 365 Message Encryption.

    Prior to implementing this transport rule I had a simple OME policy of encryption e-mails with a high priority that were sent outside my organization.

    After spending some time trying to figure out why this Transport Rule (and corresponding action) was not working, I have learned that having more than one Transport Rule using OME is not permitted.

    I see this as a shortcoming - as using an encryption…

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
    • A locked policy can be increased or extended, but it can't be reduced or turned off. This is very bad! allows changes, but not the history

      The retention policy lock should be able to be changed! The forever unchanged is the history of content and should be backup in a separated location. Right now, if the retention policy includes SharePoint, the sharepoint site admin not even can delete the lib/list etc. This is dumb. The retention should smart enough to backup the delete files and without interrupt the users.

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
      • Case sensitive searching where "WAS" is not the same as "was"

        Case sensitive searching where "WAS" is not the same as "was". We have a department called Wichita Animal Shelter which is often referred to as WAS but "was" is a very common term in the English language and would result in a lot of unnecessary matches. I am sure there are many other common times when this would be helpful. I had to use a 3rd party search product to do a query on this very situation.

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
        • Centralised way to clear user's suggestions

          Suggestions can only be cleared by users selecting the X next to the suggestion.

          Provide O365 admin the ability to clear a user's suggestions or a collection of users (domain or tenancy).

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
          • Allow searching of second level malware family without adding top malware family as search item

            The threat explorer allows to search for malware families. You need to enter either the top-level Malware Family or top-level+second-level malware family. This makes searching for malware, without knowing the exact top level family very difficult.

            Example : Searching for "DDE".
            In order to find all malware related to DDE you need to include "O97M" (top malware) in the search for DDEDownloader.C

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
            • quarantined email disappeared

              As administrator, I checked/selected SOME quarantined emails and deleted them. It deleted ALL quarantined emails even if they weren't checked!

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
              • Audit log for Office365 licensing is not available

                If someone (global admin) add any subscription to the tenant, we should be audit such events. Ticket #:10552042

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
                • No e-mails should be delievered from 8pm to 7am, unless there is an emergency.

                  “No e-mails should send out between 8pm – 7 am, unless there is an emergency. In other words, we can draft e-mails, send them, however e-mails should be delivered after 7 am, unless there is an emergency”
                  Can this rule be implemented?
                  Please confirm

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                  • 1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • SOX audit report for PWA

                      Develop a report at field level in PWA to support SOX auditing. Fields related to Budget, time approval and Forecast.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
                      • content search export

                        you should add network bandwidth option. when i dowload dismissed user then download mails ; it use whole my internet bandwitdh.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • ATP safe attachments: Add Scan First then Deliver email mode without Malicious item Quarantine

                          Current settings available are Off, Block, Replace, Dynamic Delivery

                          Off -No scan

                          Monitor - Just Monitor

                          Block - Requires rules to be set and administrators to manually release emails

                          Replace - Replaces malware file

                          Dynamic Delivery - Delivers email first then user has to log onto the tenant or 2-5 minutes later the attachment shows up ***This greatly frustrates staff as they cannot properly act on email until they have the attachment.***

                          ---Add a mode where the email is delayed while the attachments are scanned then whole email is delivered
                          _Administrators should have the option to quarantine or to not…

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • E-Discovery Search to exclude Voicemail messages

                            Due to confidential voicemail messages in mailboxes, can there be an option in the new e-Discovery search to filter out by voicemail message. I understand that you can specify searches by keywords, but if there is a build in feature in e-Discovery to exclude voicemail, this can prevent man made mistakes when performing searches.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
                            • Attack simulator

                              The new Attack simulator don't take the passwords without special characters
                              For example
                              If the password is Test1 it not gonna show that any of your user is susceptible to Brute Force Password attacks.
                              But if the password is Test01- that way can be recognized and gonna show you that one of your users is susceptible to Brute Force Password attacks.

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • Add option to Import data from Holds created by the Admin

                                I have added almost 450 Onedrive sites to hold. it would be great if we have an option to export the data for verfications.

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
                                • Well to be honest I’m amazed by the team challenge on how quick you all were to respond, between apple and then Microso

                                  I believe if you have self encrypters like the ones we see everyday and used to, well if we take the privacy, and policy with the site terms we can actually make it a ghost code. It’ll be visible to the eye under light but we/ you all have the lighting and screens to detect a security breach. I hope that makes sense. For me I’m constantly clicking and clicking to find the answer, and to be honest with myself it’s starting to make sense. So thank you all and thNk you for the great team to team execution. I…

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Time too long for SafeLinks manually entered link to block

                                    When manually adding a domain or URL to SafeLinks the time for the link to actually be blocked is too long. I'm adding it because I have an active Phishing threat. An hour later and its still not blocked.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Recall mail support of encrypted mails (Azure Information Protection/Outlook)

                                      The "Recall mail" feature in Outlook is not currently supported by Azure Information Protection (AIP) encrypted mails. Mail send with AIP/RMS encryption can't be recalled.

                                      A suggestion is to build the mail revoke feature (in preview) into the Outlook Recall mail feature to ease user experience.

                                      (currently you can revoke a mail with Power Shell commands).

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                      • need interpol six plus yrs ago ***** n local law clueless Must stop felons cyber crime targeting sos

                                        WoSign cert not trusted on Apple no good digital certificates public connection always gatekeepers decryption shipping pirates communications transmissions keywords give messages need to further decode interpol advised extremely high tech criminal maneuvers need speak in private phones,pc s,even pc less fax machine making passes passports when connected to Burvaska or Chinese administrators blocked communications i have to try everything someone has to know what i witness daily on devices shocking wat do i do when Gulf of Guinea ships robbers pirates use my devices educate me need to but can’t trust nothing or no one advise gotta go i’m…

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
                                        • office 365 does not work

                                          office 365 outlook doesn't sort, doesn't load, doesn't send, basically doesn't work. i have updated loaded, reloaded, reloaded, updated, deleted, reinstalled, updated, reinstalled, reloaded.

                                          doesn't work

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base