Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Attach a Power Automate Flow to a Sensitivity Label

    For example, if a document is labeled as confidential and someone wants to share it externally, start an approval workflow.

    I think there are many reasons why someone would want to use a workflow in conjunction with a sensitivity label. Please add your use case to the comments.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Export PST to OneDrive or Team Sites

    Export results of Content Search directly to a OneDrive or Team Site instead of having to download to local drive and then push back up. This is necessary due to the bandwidth limitations on large exports.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow tenants to create custom Mail Flow alert policies

    The default "Messages have been delayed" policy has a minimum value of 200. For small tenants, this number is too high and it could take several hours to be notified of an issue. Currently, there are no additional Mail flow options to create a custom rule. Please allow tenants to customize alert threshold based on their environment.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. get rid of safe link! I am going to have to get another email account because I can't get redirected from emails!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    get rid of safe link because my personal account, I cannot click on emails and get redirected or open anything! I cannot find anywhere to contact anyone and I have a personal account only.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Use Office 365 Management Activity API to detect the spoofing of the external sender

    It would be great if the O365 Management Activity API could detect the spoofing of the external sender. Specifically, we would like to use Office 365 Management Activity API to retrieve Teams logs for messaging actions between internal to external and vice versa.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Provide a flowchart for tracing mail flow through Exchange Online.

    This is a great way to trace through all the filtering of Exchange -

    https://technet.microsoft.com/en-us/library/aa997242(v=exchg.141).aspx

    would love to see this for Exchange Online to prove that a user's allow/block list supersedes the spam policy.

    I've seen other articles showing order of priority - but not a flowchart that can be traced through.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  7. Improve authentication when hotels redirect to their wifi. Breaks the login page.

    We've had reports of users with our O365 site set to their default browser home page. When at a hotel guest access wifi redirect happens, after signing up for the hotel wifi, the "Redirect you to your company login page" gets stuck with the dots moving across the page. Our employees think this is broken and have complained. Please take a look into this unique situation. Thanks!

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. Advanced Threat Protection Plan

    Wanted to ask if Microsoft have any plans to add "Advanced Threat Protection" to the rest of the Office 365 plans instead of just the Enterprise E5 plan only? I think it would be a wonderful addition to all the plans to have this active to protect end-users emails. The URL Detonation and Dynamic Delivery functions are needed in the rest of the plans and they add great functionality for all.

    Thank you.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. Cut access to shared documents of deleted users

    Access to shared documents and folders of a deleted user shouldn't be possible.
    I've deteled an user, but other users still got access and could edit documents that the deleted user had in its OneDrive. Those users, and I, were complaining that after about 30 days later the documents they edited during that time simply vanished and they've lost 1 month of work on them.
    After deleted the user, his documents should automatically be inaccessible, even because the deleted user can't access them anymore, but the others do!
    And more, if that user has shared documents you don't approve, deleting…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Options to Automate Message Trace reports

    There would be a need to automate the Message Trace by allowing to schedule message trace on a frequent period and give more options like to show the numbers of emails transacted, how many have failed or delivered.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  11. Local Time Zone change facility is required in admin portal as it is difficult while tracing emails with respect to Local timezone i.e IST

    Local Time Zone change facility is required in admin portal as it is difficult while tracing emails with respect to Local time zone i.e IST with UTC.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  12. ATP safe-links sould not break DKIM signatures when forwarding email outside O365.

    Considering the following scenario:
    - An incoming mail (DKIM signed) arrives from an extrenal domain.
    - The domain in O365 is protected by ATP safelinks.
    - ATP safelinks rewrite URLs and email is delivered to mailbox.
    - The email is forwarded to the external domain (but DKIM is now broken since the contents of the email were modified by ATP Safelinks).
    - When forwarded email arrives at external domain that has a reject DMARC policy in place, the email will automatically fail validation and will be delivered to SPAM folder.

    If user has forward enabled in his account, email should…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Customize Security & Compliance Alert Template

    I created a compliance alert to notify me when anyone downloads a file from a particular folder in SharePoint. But to see what was actually downloaded I have to click "investigate" in the email message and click about 4 times to drill down to the information. I'd like a way to customize the email alert to tell me the name of the file that was downloaded, without having to go through the 5 clicks to find out what it was. It would save a lot of time.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Trust Portal  ·  Flag idea as inappropriate…  ·  Admin →
  14. Provide reporting on what messages hit custom spam policies, so that we know how effective the custom policy is.

    Get-HostedContentFilterPolicy
    It seems reasonable to expect that we could track which emails get addressed by the custom spam filter, whether in specific details or simple report numbers, to ensure it’s working for our customers as expected, and for fine-tuning or troubleshooting.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow administrators to apply corporate branding to the ATP Safe Links blocks and scanning pages.

    The warning pages displayed when a user clicks on a blocked link or a link that is being scanned looks very general. It would be helpful if we could apply some basic branding to these pages, with company logo and name. This way, users see immediately that the pages are valid and not some sort of scam.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow admins to query mailbox search history for security investigations

    When we conduct mailbox compromise investigations one of the items we review with the user is the mailbox search history. We use the below method to pull this.

    https://support.office.com/en-ie/article/delete-search-history-or-export-search-history-in-outlook-on-the-web-582647f4-fae8-46ed-9f78-49b919ddfc69

    Would it be possible to make this information accessible through the security and compliance center to help determine if an intruder was running searches in a compromised user's mailbox? Is there any way to get timestamps to identify when these searches were run? Or just make mailbox searches a new line in the audit logs?

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add CIS Benchmark for O365 & Azure to Compliance Manager Templates

    Please can you add the CIS Benchmark Template for O365 & Azure in the Compliance Manager.

    Thanks!

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  18. allowed domains: list upload should ALSO work in the new admin center

    June 2019: When using the Exchange Online Admin center; protection; Microsoft keeps warning that this has been replaced in 2018 with https://protection.office.com . However several features do not work or do not work well in the new site. For instance going to https://protection.office.com > Policy > Spam , trying to add a list of allowed domains should work by pasting them seperated by semi-colon (;). The list just never takes. Confirmed by Microsoft support.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Unable to search Audit Log by UserLoginFailed

    I am unable to search the Audit Log for UserLoginFailed. (Security & Compliance\Search\Audit Log Search) The entry is found under Activity but cannot be searched online. This feature would be useful when looking for accounts that are/were under attack.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  20. ATP impersonation safety tips Customization with different color highlitenment

    ATP impersonation safety tips Customization option must be enabled with different color preferably RED, so that the users who receive the email will beaware that the email is not genuine/phish/spam.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base