Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Audit Log Functionality for New Inbox / Forwarding Rule / Mass Failed Logins

    As a support provider I've seen an influx of fraudulent access cases. I would like to see an audit log option (and alert) for Inbox and Forwarding Rules as well as for Mass Failed Logins.
    I know that for E5 and Advanced Security Management subscribers they can create something for failed logins but with this becoming more common place I think the people would appreciate this functionality.

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow journaling into Office 365 mailbox

    Either sell a separate Journaling license if it is more expensive to keep journal on Office 365 and price the license according to data amounts like $10 per 100GB/month. Or have an option to put Litigation hold on all mail traffic going through the tenancy. Currently only mailboxes with licenses assigned can have litigation hold so getting those licenses for all shared mailboxes would help a little but would be very costly as shared mailboxes will not need the office or any other licensed features. Even when licensing all shared and user mailboxes, that would not keep the mail that…

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Stop using the Spamhaus PBL on mail submitted by *authenticated* inbound connections

    I understand this is a duplicate of the below ticket, but MS is being particularly short sighted with the problems this causes:
    https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/20382373-stop-using-the-spamhaus-pbl-and-xbl-blocklists-on

    As per SpamHaus PBL description:
    THE PBL IS NOT A BLACKLIST. You are not listed for spamming or for anything you have done. The PBL is simply a list of all of the world's dynamic IP space, i.e: IP ranges normally assigned by ISPs to broadband customers routers/modems (DSL, DHCP, PPP, cable, dialup). It is perfectly normal for these IP addresses to be listed on the PBL. In fact all dynamic IP addresses in the world should…

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Enable message trace log forwarding to on prem storage or SIEM solution.

    message trace should be forwarded and stored to external sources so that same can be used and leverage for security analysis and other purposes.

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  5. Office 365 Online Archive - Need Folder Views for Archived Task and Calendar Items

    When Task and Calendar items are archived to the Online Archive there is no easy way to view or distinguish these item from the Office 365 Online version of Outlook, the Outlook client folder view needs to be used. For generic email accounts that multiple people need to access, using the Outlook client is not a viable option or solution. Would it be possible to create and option to allow one to filter the Task and Calendar items when creating an archive policy? Or to provided a filter or search option for Task an Calendar items once they have been…

    71 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. provide proper controls to meet data retention requirements by blocking users from joining third party teams

    Many industries require the monitoring and retention of communications on sanctioned platforms like teams. Things like the investment advisers act (SEC rule 204-2) require that companies monitor and retain communication channels used by and for the business. Teams is a great communication tool, but lacks the controls to block users from being invited to outside teams (via their corporate sign-on!). Once a user joins another team they are bypassing all of the compliance / retention policies of their corporate tenant where their ID is owned and managed. This is so bizarre! Tenant restrictions do work (blocking sign-in as long as…

    71 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Keyword Query Limit needs Increase

    A keyword limit of 20 terms has recently been instituted in the Compliance Center eDiscovery searches. This limit is far too low and should be returned to an unlimited number of keywords (or at least a much higher limit like 100 keywords). This is negatively impacting the ability to do more complex searches in the Compliance Center.

    69 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  8. End-user Spam Notifications by User or Group

    Have the ability to configure End-User Spam Notification by User or by Group. Currently we use a 3rd product to handle spam blocking and it sends a daily email with a list of blocked spam. Not all of our users care to receive this email so we would like to be able to control this feature within Office 365 but have the ability to configure which users want to receive the daily spam list or not. Currently Office 365 only let this be done by domain names. The ability to control who gets these notification should be able to be…

    69 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow adding metadata fields to pending disposition reports

    Pending disposition and completed disposition reports are lacking metadata required to be captured by Government organisations for all disposed documents. Can we have the following metadata fields available in all disposition reports exported from Office 365:
    • Unique identifier (document ID number)
    • File name
    • Date created
    • Creator/Author
    • Date last modified
    • Last modified by
    • Date of disposal
    • Disposal label
    • Disposed by

    It would be even better if system admins could add/remove metadata fields from all disposition reports.

    Unfortunately, until these fields become available in Office 365 disposition reports, document disposal won’t meet the…

    68 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. Threat Explorer: Allow And/OR Searching / Custom Search Queries

    There have been amazing advancements in Threat Explorer in just the last few months. One of the bigger things that's missing is the ability to do our own custom searching.

    Ex.
    (Sender1 = me OR Sender 2 = boss) AND Recipient Domain = contoso.com

    This alone would make it much more enterprise-ready in my opinion. Great job with it so far!

    67 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow end users to release, delete, report via End User Spam Notification

    Recently, End User Spam Notification was modified and now end users are unable to "Release", "Block" quarantined spam emails from End User Spam Notification mail.

    I understand that end users must navigate to Security Compliance Center to do so, but I would like to do so from End User Spam Notification mail, so I want an option to bring back the old style End User Spam Notification.

    66 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. enable the adjustment of time zone for message trace tool

    Hello.I suggest the Time zone on the message trace tool should be adjustable for administrators.This will enable the administrators to view mails trace in their local time as real time.

    Thank you

    65 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  13. Retention Compliance Rule - Exclude Item Classes

    Provide the capability to exclude item classes from a Retention Compliance Rule. This will allow for excluding Notes, Tasks, and Calendar items

    MS has published articles detailing how to do this for hold policies dating back to January of 2018, but the cmdlets still do not exist.

    https://support.office.com/en-us/article/overview-of-retention-policies-5e377752-700d-4870-9b6d-12bfc12d2423

    Set-RetentionComplianceRule [-ExcludedItemClasses <MultiValuedProperty>

    65 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  14. Advanced Threat Protection (ATP) - Allow to create custom malware alert notifications

    We need send a customized notification email message to recipients or administrators when a malware was detected by Safe Attachments.

    65 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  15. Delete mail from Blocked Senders but Quarantine possible spam.

    I would really like to have different mail flow behaviours for "BLOCKED SENDERS" and "POSSIBLE SPAM". Mail from a blocked sender or blocked domain to be deleted, always, and never seen again. Remaining mail that triggers possible spam detection to go to Quarantine. What we have today is that thousands of messages from blocked senders are going into quarantine which is cluttering that up and frustrating for our users. I don't want to turn on the delete of possible spam, as some genuine messages are still being quarantined and we need to see them and release them.

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Threat Protection not scanning links within attachments

    Advanced Threat Protection is not blocking phishing links within attachments. These links are coming through in a higher frequency as pdf attachments which are scanned by ATP and in turn are allowed through because they are clean attachments, but the links embedded within these pdf files are going to phishing websites and people are clicking on them. ATP is not blocking these links. Please fix ASAP!!!

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow O365 Activation when UseOnlineContent is Set to 0

    Below describes the function of the policy. However, setting to 0 blocks Activation. Please change this to allow a value of 0 to allow activation but still block online services.

    Set the value of UseOnlineContent to one of the following (To remove the connected services, set the value as 0. To recover the connected services, set the value as 2):
    UseOnlineContent value Value type Description

    0 DWORD Do not allow user to access Office 2016 resources on the Internet.

    1 DWORD Allow user to opt in to access of Office 2016 resources on the Internet.

    2 DWORD (Default) Allows the…

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. incident

    Fix ATP Threat Explorer Incident Reporting

    We would like to use ATP Threat Explorer to mitigate phishing messages coming into our environment. The incident reporting does not build confidence in the tool. As an example I recently used it to hard delete 6 messages from our environment. The incident report did not give data for two full days. When it did, it reported status "Failed". However, looking at the report details, all six messages show hard delete status "Success", with no failures. Accurate and timely reporting of incident results will build confidence in the ATP Threat Explorer tool.

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow content search to be able to query emails sent to any external recipients

    At the moment you only have the option to do a content search query for:

    Recipients/To: contains any of, doesn't contain any of, equals any of, & doesn't equal any of

    if your domain is @abc.com and you select to query recipients/to - doesn't contain any of/doesn't equal any of "@abc.com" it will find all emails sent to external users BUT will exclude all email sent to external users with a cc/bcc @abc.com

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. Log Audit Log Searches and Exports in Audit Log

    Every global Admin can access the audit log - there is no way to control the usage of the Audit log !
    Audit Log can contain sensible user data and every global Admin can access this information without any documentation.
    So please log every search in Audit Log - who has searched what.

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base