Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Is there any virus scan being run?

    Can you scan incoming emails for attachments containing malware? When we used Websense, they scan and blocked them all. With Microsoft "security" they are flying in like a knife through tissue and into my user's mailbox.

    MS tech support has me block the sender's ip address after the email has flooded the office, but the blatant stupidity of such a solution needs no further discussion.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  2. Compliance Manager does not seem to be secure by default

    I think Compliance Manager (https://servicetrust.microsoft.com/ComplianceManager) should be restricted to users with Compliance Administrator role in the tenant. It appears that any users in the tenant can view Customer Control details and this may expose sensitive information to users unauthorized to view details.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add DKIM signing to Calendar messages sent from Outlook

    Calendar messages sent from Outlook are not DKIM signed, thus it is not possible to follow step 3 in the "Best practices for implementing DMARC in Office 365" found here:
    https://docs.microsoft.com/en-us/office365/securitycompliance/use-dmarc-to-validate-email#best-practices-for-implementing-dmarc-in-office-365

    By Calendar messages I'm referring to Invite responses and Meeting requests.

    This is resulting in emails failing to be delivered due to our DMARC policy for the receiving email servers that are paying attention to DMARC, such as GSuite.

    I have had a thread with support in regards to this and it was suggested I posted here:
    "I have had a look and am not sure why Calendar invite…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Enable searching the audit log by IP address

    The audit log search is a fairly quick way to triage certain events, but it's lacking one big feature to help locate certain types of issues or attacks: search by IP. While the IP is returned in the results there isn't a way to pivot from it or use it to then find other events from the same source. This would be extremely useful to identify events from the same place very quickly and escalate or resolve them.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. threat management dashboard

    Email submissions not visible on the Threat Management Dashboard. Especially when sent in .eml format to phish@office365.microsoft.com

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Get-User does not show default authentication policy

    When you set an exchange default authentication policy the default authentication policy is assigned to all users who don't already have a specific policy assigned to them. However when you query Get-User their policy is null. It should show (default) so admins know if a user has a policy set.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  7. OME OTP message trace

    we have externals stating they are not getting the OTP messages for OME; but there is no ability to validate / prove.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  8. Threat Management Policies break and cannot be edited or deleted if policy name contains invalid characters.

    Example: Name an ATP Anti-phishing policy with comma "," characters:

    Example Policy Name that works: Name01 Name02 Name03
    Example Policy Name that breaks edit and delete: "Name01, Name02, Name03"

    Repro Steps:
    1. Login to Security and Compliance Center: (https://protection.office.com/#/)
    2. Click on "Threat Management"
    3. Click on "Policy"
    4. Click on "ATP anti-phishing" (https://protection.office.com/#/antiphishing)
    5. Click "Create"
    6. Name your policy: Name01, Name02, Name03
    7. Continue with Policy Wizard and click "Create this policy".
    8. Once policy has been created, check box the policy "Name01, Name02, Name03"
    9. When pop-up menu appears, click "Edit policy".
    Error:…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. 2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  10. Need an improvement for an issue that file contents which is shared with users via Microsoft Teams cannot be audited

    It is inconvenient that I can’t audit file contents shared with users via Microsoft Teams, and I would like to request to improve this behavior.
    For example, I’d like to see whether our company confidential files are disclosed by checking audit log to see the files shared via Microsoft Teams by users.
    Or I would like you to provide a setting option to disable the file attaching function in Microsoft Teams. Otherwise it impacts our business because it becomes difficult for me to allow users to share files, which is inconvenient. Also, I need to inhibit using Office 365 group…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  11. safe link didn't work at the moment receive the email with suspicious link and click through that link

    safe link didn't work at the moment receive the email with suspicious link and click through that link.

    the link will be rewritten after some time.

    why this not work at the moment email arrived?

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Exchange Online Advanced Threat Protection - Excess of Timeouts

    We have recently suffered several bouts of emails simply timing out through Exchange Online Advanced Threat Protection. This has taken place during a pilot for the system in our organisation and has not instilled us with confidence to use it. When dealing with Microsoft Support we have been informed that other tenancies/customers were experiencing the same problem and that Product Engineering had investigated and the problem was resolved only for the problem to reoccur a few days later with the same response.
    There is no System Health Status in the O365 Portal for ATP, can this be added so that…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  13. Encrypt local hard drives/files subscribing to Office 365 (BitLocker for 365)

    Users who subscribe to Office 365 should have encrypted hard drives (I think Office Enterprise offers this) - in the event laptops are lost/stolen, local data is encrypted

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Exchange Online Alerts similar to OneDrive "..recently deleted a large number of.."

    When I delete a large number of files in my OneDrive, SharePoint will email me saying "Heads up! We noticed that you recently deleted a large number of files from your OneDrive".

    I am looking for this sort of feature, but for Exchange Online and when any user deletes a large number of items from their Deleted Items folder, the admins could be emailed with an alert.

    Currently I see no settings for the Alerts in Security & Compliance for this activity.

    This would help in the event someone leaves the company 'sour' and wipes their entire mailbox. Rather than…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Can you give your opinion to baseStriker Attack?

    I have beed asked by the Security department related the following Topic described in the links below:

    https://www.avanan.com/resources/basestriker-vulnerability-office-365
    https://thehackernews.com/2018/05/microsoft-safelinks-phishing.html
    https://securityaffairs.co/wordpress/72279/hacking/basestriker-attack-technique.html

    Security researchers at cloud security company Avanan have discovered a technique, dubbed baseStriker, used by threat actors in the wild to bypass the Safe Links security feature of Microsoft Office 365.

    The Safe Links feature is designed by Microsoft to protect Office users from malicious codes and phishing attacks, it is part of Microsoft’s Advanced Threat Protection (ATP).

    Beginning in late October 2017, ATP Safe Links protection is being extended to apply to web addresses (URLs) in email as well…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  16. Feed back and reporting on soft purge of mail items

    Currently administrators create a case in Content Search and then run the powershell to soft purge required mail items that meet the criteria.

    At present there is little feedback to confirm that the data you have targeted for deletion is really gone short of the time consuming method outlined by MS for checking in discovery mailboxes.

    A report listing the mail item details that can be exported on a successful completion of the new-compliancesearchaction would allow an admin to confirm that the emails they planned on deleting have all been cleaned up.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Delete unused shared easily

    Need a way to delete unused shares with a batch / automatic job. A builtin report showing those unused share would also be nice

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  18. Search option for identifying malware domains in Office 365 Admin panel

    How do we identify in O365 Admin panel about domain being marked as malware. Recently we had hard time in identifying this and O365 support team took 10 days to find this resolution for our mails being marked as PHISH instead of SPAM.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add the ability to filter real-time reports by the custom anti-phishing policy so that we can see the amount and which emails are impacted.

    This report is within Security and Compliance>Threat Management.

    It currently only shows the technology, the protection policy is listed as a code which is impossible to decipher. There is no way to tell if it as result of a custom anti-phishing policy. It only implies the technology.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  20. Send a notification when a Global Admin changed the specific Company resources, such as mailbox or account in Office 365 Security & Complian

    Please add a feature to send a notification to monitor if Global Admin changes the certain tenant information to avoid the unexpected change on users or mailboxes.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base