Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Fix GCC High Sensitivity Label Policies and Functionality

    Labels currently do no request reasons to reduce level, labels do not reapply after first application, and there is nothing that allows me to crawl data that is dumped into the environment and label after the fact automatically similar to AIP which is being retired. I need to be CMMC compliant and this needs to be resolved.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  2. Status of exporting search results

    Exporting search results from the Security & Compliance Center has the following limits:
    - You can export a maximum of 2 TB of data from a single Content Search.
    - Your organization can export a maximum of 2 TB of data during a single day.
    - You can have a maximum of 10 exports running at the same time within your organization.
    -A single user can run a maximum of three exports at the same time.
    https://docs.microsoft.com/en-us/office365/securitycompliance/export-search-results#export-limits

    It's convenient if we can get the status of exporting search results.
    ex. the number of running export request

      the size of exported
    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  3. show browser used for user activities and more users.

    There should be more details in the audit log search results.
    It is better if the browser used by the user will be recorded to do the activity and if it is user initiated or there is a malware that has caused the activity.
    More details that will help in investigation of files will be helpful.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Microsoft managed Azure Database for Audit Logs

    Microsoft should build a database that can hold all the Audit logs automatically and charge a monthly fee for it. Since there is a 90 day limit to Audit Logs, and we all need to be able to "document" actions that have been taken on secure sharepoint sites, we need for the audit logs to automatically move into an Azure database that Micrsoft Maintains! Many of us have investigated 3rd party products and they are MISSISNG DATA!!! So please, set it up, and we will pay for our Azure Space and the Audit Logs to be rolled off. This should…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  5. mailredirect alerts need to include the target of the change

    The mailredirect alerts indicate the user that was used to make a change, but not the target mailbox that was modified. We use a single account to make many automated changes via powershell, and so we receive hundreds of these alerts that all identical because they don't include the necessary information. Including information on the Target Object/Mailbox would allow for much better alerts. We called support and it took support more than a week, working with engineers to realize that the user specified in the alert was not the user being modified.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  6. Security score

    In Microsoft 365 security there is a Secure Score with three subcategories Overview, Improvement actions, and History. Under there is a note saying - Actions you can take to improve your Microsoft Secure Score. Score updates may take up to 24 hours.​ But after talking with Microsoft Office 365 support I got an answer that this technology is pretty new and actually secure score updates up to 72 hours., So what if you change this 24 hours to 72 hours, so other people who are looking on the history don't get confused why secure score is not updating. What if…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  7. Option to extract the "sent and received email reports"

    Option to extract the "sent and received email report" like we can in many other report types.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  8. from name display in outlook - dangerous shortening

    Outlook and Outlook web are displaying the Sender Name.
    Analyzing a successfull spoofing attack, i recognzied that Outlook is not Always displaying the full Sender adress.

    The Mail was like:
    MAIL FROM: <wicked@spam.com>
    From: Display Name <good@wellknown.com> <wicked@spam.com>
    (no sender field)

    Outlook displayed. "Display Name <good@wellknown.com>"
    Outlook did not Display the wicked@spam.com, but this was the real sender. The Methode above is a nice trick to Bypass spf checking, and if good@wellknow.com is an internal address this may also be a good Methode to spoof. The from field is not rfc…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Use mean and percentils in security score instead of average

    Improve Security Score comparison metrics by using descriptive stats rather than raw score and average,

    Replace the average metric with mean and percentiles for better benchmark against the business vertical and global users.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Notification MFA Blocked user

    When a user gets blocked due to failed MFA login attempts there is no notification sent. A helpdesk may be trying to assist but not have any visibility of why the user is failing MFA.

    It would be useful to have this as an alert so when a user gets blocked in the Azure AD Blade:
    https://aad.portal.azure.com/#blade/MicrosoftAADIAM/MultifactorAuthenticationMenuBlade/BlockedUsers/BlockedUsers/

    Also a lower level RBAC role could be granted access to this such as Privileged Authentication Administrator as currently only Global Admin accounts can check to see who has been blocked.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Insider Risk Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. Near Duplicates and/or the Exact Duplicates controls NOT displayed in the remediation action toolbar

    Near Duplicates and/or the Exact Duplicates controls NOT displayed in the remediation action toolbar. This is inconsistent with the manual.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Communication Compliance  ·  Flag idea as inappropriate…  ·  Admin →
  12. In Exchange Online Mail Flow Rules, add an option to check for the total number of attachments on a message.

    A user attaching a large number of files to an email could be an indicator of data leakage, eg. sending sales or contact information to a personal account ahead of leaving an organisation. Allowing mail flow rules to act based on an attachment count could provide a quick and easy form of DLP.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  13. Include definitions for Eco Manager's Certification Scope columns

    Include definitions that describe what each column refers to, e.g., what are Certification Dependencies and how do they relate to Office365 and CRM.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  14. Get-O365ClientOSReport only give data upto 18-Jun-16. How i get data upto yesterday

    Connected office 365 using url https://outlook.office365.com/powershell-liveid/
    and try to fetch the data using "Get-O365ClientOSReport" Command

    but it not giving this month data

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  15. In Office 365 ATP dynamic delivery mode, if an attachment was removed after scanning, ability to quarantee or remove email from mailbox.

    Ability to delete/remove/quarantine an email from users mailbox when ATP safe attachments using dynamic delivery when file is considered dangerous and removed.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. Not sure

    Normally they are ****

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. Provide a user created hash list for easy exclusion before getting to the Review Set.

    In the review sets there are a ton of shell files that don't need to be there. It doesn't make sense to pay a reviewer to click on a twitter logo used in my organization, wait for the page to load, decide that it isn't relevant, mark it as such, and move on. Alternatively, have visually nested review sets. The email that may have relevance first, and then nested underneath that, all the contents/attachments/logos for quick exclusion.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  18. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  19. Restrict Delegated Access to Quarantine Emails

    The organisation I work for is really many legal entities that all work together as one organisation. Everybody is in one tenant so they can collaborate.

    As we have many legal entities, there are many different local IT administrators. If we provide these local IT admins with delegated access to quarantine, they receive access to ALL quarantine emails across the tenant.

    We need a way to restrict who can access which quarantine emails. For example, IT admins in Brussels should only be able to access @brussels quarantine email addresses. Or delegated users in a particular Azure AD group should only…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Kindly include the condition - 'Deleted Items' (to retrieve all deleted emails) from search content of Administrator - protection.office.com

    Kindly include the condition - 'Deleted Items' (to retrieve all deleted emails) from search content of Administrator - protection.office.com

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base