Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Fixing DBEB to work with Dynamic Distrbution Lists, or disable DBEB by default.

    Fixing DBEB to work with Dynamic Distrbution Lists, or disable DBEB by default. I've been working with MS tech support for a week now trying to figure out why our Dynamic Distribution Lists have all of a sudden stopped working remotely. They said it is because we are using "Authoritative" domains (which are default) and by default DBEB is enabled, which does NOT allow Dynamic Distribution Groups to work from the outside. The tech support team I've been working with says MS has no plans on fixing this and in order to disable DBEB, we have to contact them so…

    67 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Secure Score - MFA with conditional access is not counted

    Secure Score - MFA with conditional access is not counted.
    The system recognizes only full MFA while it was set as encofrece

    67 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  3. Stop using the Spamhaus PBL on mail submitted by *authenticated* users

    I understand this is a duplicate of the below ticket, but MS is being particularly short sighted with the problems this causes:
    https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/20382373-stop-using-the-spamhaus-pbl-and-xbl-blocklists-on

    As per SpamHaus PBL description:
    THE PBL IS NOT A BLACKLIST. You are not listed for spamming or for anything you have done. The PBL is simply a list of all of the world's dynamic IP space, i.e: IP ranges normally assigned by ISPs to broadband customers routers/modems (DSL, DHCP, PPP, cable, dialup). It is perfectly normal for these IP addresses to be listed on the PBL. In fact all dynamic IP addresses in the world should…

    67 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Read receipt for when encrypted email is read.

    Products like ZIX are able to deliver a notification when someone reads the encrypted message they were sent.
    Our Customer has requested this feature to be added in O365

    66 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. Ability to limit access to Online Archive by Client Location

    We'd like the ability to limit access for users to their O365 Online Archives by client location/IP.

    For example, if the user is connected to the corporate network, their online archive should be accessible through Outlook. If the user is away, working from home, etc, the online archive is not available/accessible.

    Whilst we have security measures in place (like MFA) for accounts if a user's credentials are stolen, the most common access would be via OWA from an external location/IP. By archiving (moving) old/sensitive email to the online archive, and restricting access by location, we could effectively limit the amount…

    65 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Office 365 quarantine report should have a link to view live quarantine

    This is a simple feature to implement and my users were used to it with Appriver. My users get a report of their quarantined emails daily, that emailed report should have a link (https://admin.protection.outlook.com/quarantine) for the users to click to view their quarantined email at any time, so they don't have to wait a day.

    65 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Enable language support for Policy Tips in DLP/Security & Compliance

    Need the possibility to have Policy Tips for DLP rules in multiple languages when created in Office 365 Security & Compliance (as you can do in Exchange Online Admin). The policy tip should match the language you have in Office. Now it's mixed with the static text in the Policy Tip and the custom text you have entered in the rule

    65 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  8. Advanced Threat Protection (ATP) - Allow to create custom malware alert notifications

    We need send a customized notification email message to recipients or administrators when a malware was detected by Safe Attachments.

    65 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow O365 Activation when UseOnlineContent is Set to 0

    Below describes the function of the policy. However, setting to 0 blocks Activation. Please change this to allow a value of 0 to allow activation but still block online services.

    Set the value of UseOnlineContent to one of the following (To remove the connected services, set the value as 0. To recover the connected services, set the value as 2):
    UseOnlineContent value Value type Description

    0 DWORD Do not allow user to access Office 2016 resources on the Internet.

    1 DWORD Allow user to opt in to access of Office 2016 resources on the Internet.

    2 DWORD (Default) Allows the…

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Improve the create preservation policy wizard in the Compliance Center

    Adding Preservation Policies for Sharepoint and OneDrive is to time consuming. There needs to be an easier option to preserve all users drives and SharePoint Sites.

    The current wizard is 9 pages and you need to have the exact address of the users site to add each one. It would take months for me to add all of my users in this way.

    Preservation policies for Mailboxes at least let you search and select all to add them, so it would take considerably less time to complete. That would be at least a modest improvement.

    63 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. incident

    Fix ATP Threat Explorer Incident Reporting

    We would like to use ATP Threat Explorer to mitigate phishing messages coming into our environment. The incident reporting does not build confidence in the tool. As an example I recently used it to hard delete 6 messages from our environment. The incident report did not give data for two full days. When it did, it reported status "Failed". However, looking at the report details, all six messages show hard delete status "Success", with no failures. Accurate and timely reporting of incident results will build confidence in the ATP Threat Explorer tool.

    63 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  12. Enable message trace log forwarding to on prem storage or SIEM solution.

    message trace should be forwarded and stored to external sources so that same can be used and leverage for security analysis and other purposes.

    63 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  13. ATP Safe Links - Report False Positives / Possibility to overwrite MS classification

    There is no feasible way to report false positives in ATP Safe Links.
    If you run into this scenario, you can either send an email to SafelinksFeedback@microsoft.com and wait that it is being resolved or you open a support case at Microsoft.
    Both options take a lot of time.
    However, the email containing the link classified as malicious by Microsoft has already been sent out and the expectation is to make this link working as soon as possible.

    Therefore, there needs to be a way to report those links which have to be re-classified (with a proper process attached) or…

    62 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Ability to apply multiple Branding Options for Office 365 Message Encryption

    Office 365 Message Encryption currently only provides the ability to specify one set of branding configurations (see https://technet.microsoft.com/en-us/library/dn569292.aspx). Large enterprises that have multiple entities need the ability to provide branding for each entity.

    For example, if Contoso was comprised of entities Fabrikam, Northwind, and ADatum, each entity should be able to specify it's own branding for OME.

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  15. Anti-phishing policy | User notification | Self release

    It's is great that Microsoft provides the possibility to block phishing messages but it is not clear why it is not able to provide the same functionality like in the anti-spam policy , so that the user gets an info that a mail has been moved to the quarantine and he could preview the message and decide to let it there or to release.
    Anti-phishing policy is no perfect, it creates a lot of false positives and the user will not be informed in order to check the mail and release it.
    I didn't see any argument why Microsoft is…

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  16. increased logging capabilities

    When a standard user logs into Office 365 (SharePoint Online, Exchange Online, etc.) reporting should also include the following:

    Login Username
    Microsoft Office 365 IP
    User/Client IP
    User-Agent
    Success/Failure of Login

    This will allow security folks to monitor for compromised accounts, as well as help with compliance.

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. backup archive export audit logs and message trace

    as MS365 have a limitation of storing 90 days of information. we need a way to backup / archive / export these information for legal or investigation requirements.

    59 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  18. Block spoofing messages even when the source is a trusted relay in another tenant.

    We have discovered if an e-mail is sent through a relay trusted in one tenant, that message will be delivered as not-spam to any other O365 tenant regardless of sender address and SPF records. This seems like a large gap in the service, for example; if one client machine was to get compromised that machine could send any number of messages from any source address through the relay and they would automatically be trusted and delivered to any mailbox using EOP or Exchange Online.

    We would like to see these messages at least checked against SPF records at the receiving…

    59 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Introduce customisation to built in DLP rules (or allow exceptions to existing rules)

    We use DLP on email to assist in our PCI compliance. As an online payments provider, we often provide dummy credit card information to help our customers set up their APIs (typically 4444 3333 2222 1111). Unfortunately, despite this not being a valid card number, it triggers Microsoft's built in "Credit Card" definition resulting in 100s of false positives per week. We need to have this hard coded as an exception to the "Credit Card" definition, or, better yet, allow definitions to be customised and/or excluded from via. the Admin portal.

    59 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →

    As stan mentions below, this level of customization is certainly possible. There are many other tweaks you can perform based on your specific requirements. For example, you can only look for multiple cards together, or other identifying information like expiration dates. Please review the documentation and work with support as needed.

  20. Add functionality to re-deliver failed messages from Message Trace

    Third party spam filters, such as the offerings from Barracuda, MXLogic, and many others, have the ability to allow administrators to force re-delivery of messages that may have failed due to either a restrictive rule or a SMTP alias that did not exist for a recipient (typically true with migrations from non-Exchange based systems).

    It would be highly beneficial to admins to have this control and allow for forced re-delivery of messages as necessary.

    59 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base