Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Opt out and update preferences should completely remove email address from all future mailings

    Currently when a user opts out or unsubscribes or updates contact preferences they may still receive emails from Microsoft - can this be fixed so all emails are stopped completely ?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Make the data on TLS-Deprecation-Report.csv to be accurate

    I would like the TLS deprecation report to show accurate data when downloading it from Service Trust Portal, because it contains a lot of data for non-impacted devices.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  3. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow us to preview .PDF files on a mobile device in ATP

    We should be able to 'Preview' .PDF files from our phone if we have if ATP Safe Attachments with Dynamic Delivery in place. If works on the desktop.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Show all changes that have occurred to a single mailbox or group

    The Audit query would be more useful if a person could search on all access activity on a mailbox, and/or all changes to a group.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Quarantine should have a button to report phishing emails.

    I get hundreds per day and it's impractical to release them all and report them.

    Working in the Quarantine is a MESS! The GUI is something I'd expect back in the 2000's.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Language Office Message Encryption

    I believe this is a MUST for multi-national companies. When OME sends out it's generic wrapper email to the recipient, it needs to be read by the recipient in the language they are fluent in. I know it is hard to know what language the recipient speaks, so maybe the best approach is to pick the top 25 languages used in business and translate it to those 25, and place links to each translation in the top of that generic email to the user, so they can click on the correct translation and read in their preferred language.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Unencrypt Replies Automatically Based on Recipient Being Internal Not Sender

    the old OME 1 allows us to enencrypt replies automatically based on the recipient being Inside the Organization, the new version of OME only does it if the Sender is in the Organization, please allow us to unencrypt the replies coming back in to our company based on the recipient being inside the organization, it's a pretty common need

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  9. Portal for external users to send secure message to users on Office365 without having to force encryption for all incoming domains

    We just migrated to Office365 and noticed that we don't have the ability for customers to send us secure messages without forcing encryption on all incoming messages.

    We had a portal for customers to use and create an account, then they would be able to send us a secure message within the portal. We would like to have similar feature for Office365 but it is not available now.

    The work around for this is for the customers to call into our Customer Service Center, we then send them an encrypted email. They would need to get a onetime passcode in…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Policy Tips for Office for Mac 2016 do not display

    Policy Tips for Office for Mac 2016 do not display. The user only receives the email message if it is denied based on a DLP rule. It seems unjust that there is a discrepancy in features that function across the different OS's when the price is the same. Would like to see this working and it is NOT an advanced feature.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  11. With the Possibility to convert excel to pdf with password encryption. This is achievable with Word not excel however.

    With the Possibility to convert excel to pdf with password encryption. This is achievable with Word not excel however.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. control access to offline data

    Need to be able to remove cache OneDrive for Business, SharePoint Online Document Library and mailbox data from users devices and PCs.

    Currently a user can sync all this data to there personal devices and computers. Once they leave and O365 account is disabled, they still have access to the offline data.

    Need to be able to limit how data is accessed.
    Offline data needs to be encrypted, once the O365 user account is disabled the cached data becomes inaccessible or automatically deleted.
    The Office desktop protection or other service should phone home as soon as system is online and…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow i18n of malware notifications

    Malware notifications are delivered in the language the tenant was originally created. This is an inconvenience for tenants that have thousands of users from all over the world. These notifications should be issued in the recipient's mailbox language.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow emails sent to phish@office365.microsoft.com to contain malicious attachments

    Some emails our users send to phish@office365.microsoft.com to report phishing are being rejected by Microsoft because they contain malicious attachments. That's ridiculous. Of course a suspected phishing email might possibly contain a malicious attachment!

    Instead of rejecting the message, Microsoft should accept it and have their technicians who handle the phish@office365.microsoft.com queue working in an environment where they're not susceptible to malicious attachments.

    FWIW, the reject message is "550 5.7.1 TRANSPORT.RULES.RejectMessage; the message was rejected by organization policy" and a Microsoft tech confirmed it was due to the file attachment in support ticket number 14365410.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. In Exchange Admin Center and Content Search allow searches to be copied or cloned.

    In Exchange Admin Center and Content Search allow searches to be copied or cloned

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Have MFA challenge tell you which app challenge is for

    This would eliminate confusion when multiple txt msg's come in and not knowing which text code to put in which challenge box

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Daily Alert on OneDrive for DLP detection

    Alert is sent out only when DLP policy first detect on OneDrive. For better management, it would be helpful if there is a daily alert which contains all existing detection plus the new detection for related persons to follow up.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  18. ATP Safelink - Display test of destination URL

    By including text displaying the original URL path, that is not in the form of a hyperlink, you would allow users to gather context that can be ascertained from the URL path. People would also be better informed before clicking a on a URL that may or may not be malicious, only to discover they would not have clicked that link if they had seen the path before they clicked on it.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. เยส

    เยส

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Security Status of Microsoft Cloud Services ("Secure", "Degraded", "Compromised", etc

    We had an issue this morning where our filtering provider marked all Microsoft traffic as suspect. I do not know at this time was what triggered the event, but the provider could not provide assurance on as a false positive. I have nowhere to look on My tenant to verify this claim. As Microsoft’s presence in the cloud grows it becomes a very attractive target and no site is immune. I would think there would be a resource somewhere on the Microsoft site or my tenant that would provide a security status. Obviously this dashboard would not have details, but…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base