Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add functionality to allow admins to search the audit logs for a specific IP address

    Add a search field to the Audit log interface to allow admins to search for any connectivity/access from a specific IP address.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Your spam filter is terrible and a blight to the tech community. How do I turn it off?

    Your spam filter is terrible and a blight to the tech community. How do I turn it off?

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. allow send report email from Security and Compliance portal to distribution groups instead of individual users.

    Reports in Security and Compliance portal can be sent to individual users only. Distribution groups cannot be selected as recipients. Using groups would be a much easier solution for all admins

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  4. Block images in message approvals OWA

    Loading images lets the sender know that a message was opened. When messages from external senders go to an account for approval, images are loaded in OWA because the approval message sender is an onmicrosoft.com account. This makes the spam sender think their message went through and encourages them to keep sending spam. The funny thing is that if you "preview" the message, external images are not loaded, but it kind of defeats the purpose if they were already loaded on the initial message opening.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Report of emails/meetings sent and received by domain with item counts over time

    This report has been requested by our business to understand which organisations it communicates with.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  6. safe documents

    Safe documents feature is too slow. For a large file > 400-500MB it can take 10 to 15 minutes to upload and scan. There needs to be some control over what gets scanned and from where, maybe there could be trusted locations and file size limits for scanning.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Include entire SPF Record in Message Header, not just pass or fail

    Right now, email headers will show whether the SPF check was pass or fail [Received-SPF: Fail (protection.outlook.com: domain of example.com does not designate 1.2.3.4 as permitted sender)] but does not record the full SPF record itself.

    If the full SPF record was included in the header, it would give us a point in time of that record, because they do change from time to time, and having a copy in the header would show us if there was a typo in an IP or a missing part.

    Thank you!

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Improve support for OpenPGP encryption with Web Key Discovery (WKD), Trust on First Use (TOFU), or even AutoCrypt

    The page on message encryption mentions third party providers like GPG / PGP encryption. I clicked the "Encrypt" button (Outlook Web UI) and sent an email to my ProtonMail account, but it didn't encrypt, just sent a link that can be used to view the email (with a passcode that it sends in a separate email, also not encrypted).

    It would be good to expand the use of Encrypt to interoperate with other providers, by looking up where key discovery exists (such as WKD), or using Opportunistic Security (RF 7435), e.g. where a message arrives with an OpenPGP key attached,…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. Change in how eDiscovery searches involving "Document ID" search criteria processes exports.

    Known Bug depending on the size of the results when creating searches with eDiscovery using Document ID. Producing instabilities and exporting which never finishes. Due to instable exporting, we need a look into a better way these type of searches are processed in the back end.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  10. Auto investigation user filter

    Automatic Investigation needs to have pre-set filters to support companies that have more than one SECOPS teams responsible for groups of users;
    utilise Azure AD Admin units or allow filtering based upon smtp domain using fully customisable filter conditions.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Route Skype for Business, Azure and Office 365 alerts through listed MX records for domains.

    SfB VM alerts, Azure alerts and Office 365 alerts need to be routed through the domains MX records, not dropped directly into the tenant.

    We currently have a rule in place to drop any email that attempts to send directly to the proxy address (xxxx.mail.onmicrosoft.com) of user accounts. Accomplished by dropping outside senders that do not come in from specific IP's. This is catching the Voicemail alerts, Azure Alerts and Office 365 alerts as they are not delivering via our MX record.

    I can redirect them to our external security vendor, however security rules there are blocking them as the…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow a Custom value for disabling of offending accounts when they send too much email in too short a time frame.

    Allow us to set a value for disabling of offending accounts when they send too much email in too short a time frame.
    A breached account should not be able to send 800+ email in less then 5 minutes.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Receive an automatic mail when the office 365 account is used for the first time on a new device or new browser

    Have the possibility that the user and the administrator receive an automatic mail when their office 365 account is used for the first time on a new device (phone or tablet), a new computer or on a new browser.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  14. Change Mobile Email Access to almost complete Admin Process Instead of User Process

    There are situations where individuals can get around O365 MDM policy and Exchange policy because of a flaw or improper setup. It would be more beneficial if this was an automated process where mobile access is off by default for tenant for all types of connections. Then if a person needs mobile access the admin drops the user in a default mobile users security group. When this is done an automated email with a links and QR code is generated. The link/QR code will automatically send them to download Company Portal and through automation configure the users phone or other…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. When eDiscovery Manager is assigned to a user, too many links are clickable in left navigation bar

    I need an access permission in Security Compliance Center which allows users to use eDiscovery function only.

    When I assign eDiscovery Manager role to a user, user finds many links such as "Access Permission", "DLP" which is unnecessary for this role.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  16. Conditional Access for EVERY tenant

    Conditional Access Policies should be available to EVERY tenant within Azure AD. Not a premium feature for those willing to pony up the big money.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. ATP Mail security - Create more control over which ATP policy comes first.

    The problem is as follows:

    I've setup the Anti-phish policy to quarantaine message by impersonated users.
    But the problem is that the anti-spam filter catches the mail first and sends the mail to the Junk folder.
    So the user can open the mail of course...

    When i adjust the anti-spam policy to "sent to quarantaine" the users will also get the phishing mail in the spam report every x days.


    • So my idea would be to create a new kind of "global" policy that the
      admins can put first.
      With granular control in case you want a specific policy first.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  18. Feed back and reporting on soft purge of mail items

    Currently administrators create a case in Content Search and then run the powershell to soft purge required mail items that meet the criteria.

    At present there is little feedback to confirm that the data you have targeted for deletion is really gone short of the time consuming method outlined by MS for checking in discovery mailboxes.

    A report listing the mail item details that can be exported on a successful completion of the new-compliancesearchaction would allow an admin to confirm that the emails they planned on deleting have all been cleaned up.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Communication Compliance Free for Education

    In the UK, schools have to safeguard children by law. Office 365 has been providing a useful tool in Supervision as part of Office 365 under the free licence to UK schools. However this is now been replaced by Communication Compliance which is under a E5/A5 licence level. Making it restricted to those schools who can afford to pay extra for the feature. When Microsoft are trying to push the use of Office 365 in education, I find this a barrier and one which could start to limit our use of Office 365 in future if we can't find a…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Communication Compliance  ·  Flag idea as inappropriate…  ·  Admin →
  20. Summary / Total Numbers in Reports

    I think having a summary report for a given report time period would be useful.

    Right now, the reports show a day-by-day or week-by-week chart, but I would like to have a "total #" available as well. Otherwise, I need to export to Excel and add them, or even worse, tabulate by habd.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base