Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Threat Management Policies break and cannot be edited or deleted if policy name contains invalid characters.

    Example: Name an ATP Anti-phishing policy with comma "," characters:

    Example Policy Name that works: Name01 Name02 Name03
    Example Policy Name that breaks edit and delete: "Name01, Name02, Name03"

    Repro Steps:
    1. Login to Security and Compliance Center: (https://protection.office.com/#/)
    2. Click on "Threat Management"
    3. Click on "Policy"
    4. Click on "ATP anti-phishing" (https://protection.office.com/#/antiphishing)
    5. Click "Create"
    6. Name your policy: Name01, Name02, Name03
    7. Continue with Policy Wizard and click "Create this policy".
    8. Once policy has been created, check box the policy "Name01, Name02, Name03"
    9. When pop-up menu appears, click "Edit policy".
    Error:…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  2. 2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  3. Need an improvement for an issue that file contents which is shared with users via Microsoft Teams cannot be audited

    It is inconvenient that I can’t audit file contents shared with users via Microsoft Teams, and I would like to request to improve this behavior.
    For example, I’d like to see whether our company confidential files are disclosed by checking audit log to see the files shared via Microsoft Teams by users.
    Or I would like you to provide a setting option to disable the file attaching function in Microsoft Teams. Otherwise it impacts our business because it becomes difficult for me to allow users to share files, which is inconvenient. Also, I need to inhibit using Office 365 group…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Exchange Online Advanced Threat Protection - Excess of Timeouts

    We have recently suffered several bouts of emails simply timing out through Exchange Online Advanced Threat Protection. This has taken place during a pilot for the system in our organisation and has not instilled us with confidence to use it. When dealing with Microsoft Support we have been informed that other tenancies/customers were experiencing the same problem and that Product Engineering had investigated and the problem was resolved only for the problem to reoccur a few days later with the same response.
    There is no System Health Status in the O365 Portal for ATP, can this be added so that…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  5. Encrypt local hard drives/files subscribing to Office 365 (BitLocker for 365)

    Users who subscribe to Office 365 should have encrypted hard drives (I think Office Enterprise offers this) - in the event laptops are lost/stolen, local data is encrypted

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Exchange Online Alerts similar to OneDrive "..recently deleted a large number of.."

    When I delete a large number of files in my OneDrive, SharePoint will email me saying "Heads up! We noticed that you recently deleted a large number of files from your OneDrive".

    I am looking for this sort of feature, but for Exchange Online and when any user deletes a large number of items from their Deleted Items folder, the admins could be emailed with an alert.

    Currently I see no settings for the Alerts in Security & Compliance for this activity.

    This would help in the event someone leaves the company 'sour' and wipes their entire mailbox. Rather than…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Can you give your opinion to baseStriker Attack?

    I have beed asked by the Security department related the following Topic described in the links below:

    https://www.avanan.com/resources/basestriker-vulnerability-office-365
    https://thehackernews.com/2018/05/microsoft-safelinks-phishing.html
    https://securityaffairs.co/wordpress/72279/hacking/basestriker-attack-technique.html

    Security researchers at cloud security company Avanan have discovered a technique, dubbed baseStriker, used by threat actors in the wild to bypass the Safe Links security feature of Microsoft Office 365.

    The Safe Links feature is designed by Microsoft to protect Office users from malicious codes and phishing attacks, it is part of Microsoft’s Advanced Threat Protection (ATP).

    Beginning in late October 2017, ATP Safe Links protection is being extended to apply to web addresses (URLs) in email as well…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  8. Feed back and reporting on soft purge of mail items

    Currently administrators create a case in Content Search and then run the powershell to soft purge required mail items that meet the criteria.

    At present there is little feedback to confirm that the data you have targeted for deletion is really gone short of the time consuming method outlined by MS for checking in discovery mailboxes.

    A report listing the mail item details that can be exported on a successful completion of the new-compliancesearchaction would allow an admin to confirm that the emails they planned on deleting have all been cleaned up.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. Delete unused shared easily

    Need a way to delete unused shares with a batch / automatic job. A builtin report showing those unused share would also be nice

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  10. Improve Reporting on DLP violations.

    Specifically to show when a data owner takes action to resolve the violation on a document that meets DLP rules.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  11. Centralized managment for all DLP related functionality

    The current incarnation of DLP in the Microsoft product lines is far too difficult to manage due to the distribution of functionality across so many different interfaces and power shell cmdlets. Why would anyone think this is a good approach? There has to be a better, more consolidated, way in which to manage all these functions. As it is now, its basically impossible to maintain a functional DLP approach using the tools available. Not to mention the fact that many of the features only work on Windows based platforms. What up with that? Most environments are heterogeneous, we need DLP…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  12. my personal opinion to data protection

    you have to make like 6 key, (GM=GL policy) and you have ring create 3 way= 1+2/2+3/3+1 this user people (company privacy 1+2+3)

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. Search option for identifying malware domains in Office 365 Admin panel

    How do we identify in O365 Admin panel about domain being marked as malware. Recently we had hard time in identifying this and O365 support team took 10 days to find this resolution for our mails being marked as PHISH instead of SPAM.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add the ability to filter real-time reports by the custom anti-phishing policy so that we can see the amount and which emails are impacted.

    This report is within Security and Compliance>Threat Management.

    It currently only shows the technology, the protection policy is listed as a code which is impossible to decipher. There is no way to tell if it as result of a custom anti-phishing policy. It only implies the technology.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  15. Powershell, powershell, powershell...

    ...if you need more than just the title, you haven't been paying attention to your customer base over the past 6 years.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  16. Fix Review-] Quarantine email displayformat! It currently sucks!

    Why does the new Security & Compliance -] Home-] Review-] Quarantine show fewer emails in a worse format than the Exchange admin center -] Protection -] Quarantine ??

    2 or 3 weeks ago they added a check box to the Security & Compliance Quarantine which causes a large gap between emails that does NOT exist when review Spam/ Malware / Phishing inside the Exchange admin center -] Protection -] Quarantine

    Also why does the Why does the Security & Compliance -] Home-] Review-] Quarantine pop up a details box blocking the subject when multiple emails are selected. I have to…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Improve support for mailing lists in spam/phishing filtering

    When users are sending messages via a mailing list (mailman, for example), there is often a mismatch between the From: Header and the Sender: Header , there the From: is the real sender while Sender: is the mailing list's address. Most mailing lists implement this so replies work properly and so SPF works correctly. EOP/ATP sees this as a phishing attempt (which, admittedly could be the case). Adding the mailing list to the allowed senders does not work as ATP seems to be checking the From: header only, so stuff still gets blocked. Premier support always suggests creating transport rules…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow the ability to change the timeout period for approving messages caught by DLP.

    Currently O365 does not allow admins to change the timeout period for approving messages caught by DLP. By default it is set to 48 hours which is not long enough in the environment we are part of.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow for Domain Exclusions

    We should be able to do at least one of two things between Sec & Comp it Exchange.

    1) Add domain exclusions in the Security & Compliance Center for external domains. In this way DLP policies we setup don't apply to those domains.

    2) Allow for sending email notifications to the internal sender of an email, not only allowing a policy tip

    Our staff really like being able to get an email notification when an email they send out is delivered to recipients encrypted. For now we are sending the notification with DLP and doing the encryption in EOP. We…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  20. Release a Phishing Login server URL from the security blocker

    I would like you to release a Phishing Login server URL from the security blocker in the users’ environment. The URL is set when simulating a phishing attack by using Attack Simulator in Office 365. Because it would be blocked, we can’t review the page shown after entering credentials, and we can’t actually test the effects. So I would like you to release the URL from the blockers in a security software or browser security.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base