Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Powershell, powershell, powershell...

    ...if you need more than just the title, you haven't been paying attention to your customer base over the past 6 years.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  2. Fix Review-] Quarantine email displayformat! It currently sucks!

    Why does the new Security & Compliance -] Home-] Review-] Quarantine show fewer emails in a worse format than the Exchange admin center -] Protection -] Quarantine ??

    2 or 3 weeks ago they added a check box to the Security & Compliance Quarantine which causes a large gap between emails that does NOT exist when review Spam/ Malware / Phishing inside the Exchange admin center -] Protection -] Quarantine

    Also why does the Why does the Security & Compliance -] Home-] Review-] Quarantine pop up a details box blocking the subject when multiple emails are selected. I have to…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Improve support for mailing lists in spam/phishing filtering

    When users are sending messages via a mailing list (mailman, for example), there is often a mismatch between the From: Header and the Sender: Header , there the From: is the real sender while Sender: is the mailing list's address. Most mailing lists implement this so replies work properly and so SPF works correctly. EOP/ATP sees this as a phishing attempt (which, admittedly could be the case). Adding the mailing list to the allowed senders does not work as ATP seems to be checking the From: header only, so stuff still gets blocked. Premier support always suggests creating transport rules…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow the ability to change the timeout period for approving messages caught by DLP.

    Currently O365 does not allow admins to change the timeout period for approving messages caught by DLP. By default it is set to 48 hours which is not long enough in the environment we are part of.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow for Domain Exclusions

    We should be able to do at least one of two things between Sec & Comp it Exchange.

    1) Add domain exclusions in the Security & Compliance Center for external domains. In this way DLP policies we setup don't apply to those domains.

    2) Allow for sending email notifications to the internal sender of an email, not only allowing a policy tip

    Our staff really like being able to get an email notification when an email they send out is delivered to recipients encrypted. For now we are sending the notification with DLP and doing the encryption in EOP. We…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  6. Release a Phishing Login server URL from the security blocker

    I would like you to release a Phishing Login server URL from the security blocker in the users’ environment. The URL is set when simulating a phishing attack by using Attack Simulator in Office 365. Because it would be blocked, we can’t review the page shown after entering credentials, and we can’t actually test the effects. So I would like you to release the URL from the blockers in a security software or browser security.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. License report

    Create license reports per O365 subscription. example: E1, E3, Project Online, Visio, Power BI, E5, etc? with end user login, UPN, Country, purchase date, last usage date.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  8. office 365 does not work

    office 365 outlook doesn't sort, doesn't load, doesn't send, basically doesn't work. i have updated loaded, reloaded, reloaded, updated, deleted, reinstalled, updated, reinstalled, reloaded.

    doesn't work

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  9. Imporve Mailbox usage Filter - to see usage of shared mailboxes - if need reach limits of 50GB it needs a Online plan 2

    When a shared mailbox reaches his limit of 50GB, it need a Online plan 2. We tried to achieve this by the portal.office.com but we cannot filter the csv usage list on user mailbox and shared mailbox.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  10. Improve reliability in exchange online Message Trace/Mail flow tool

    had in issue last week where recipients claimed not having received a particular mail which was sent with "Send As" permission. Putting the message ID of that particular mail in the Exchange Online (extented) message trace tool, did not return any information. Message Tracing is a vital tracing tool for IT administrators on which we must rely for 200%. Message trace search on subject should be implemented with high priority!

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  11. malware

    Just as there is a bypass for Spam, there should also be a way to bypass Malware detection. We are fighting an issue where an HR document that is sent to new hires as a .docm is being stripped from the communication. There should be a way to continue to block .docm files but exclude scans of filenames you know and trust. Thanks

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  12. ContentType

    There are content types Audit.General, Audit.SharePoint, Audit.Exchange, Audit.AzureActiveDirectory and DLP.All but did'nt find content type returning data for "Security And Compliance Centre".So i think this should be added to microsoft doc.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. I want to reduce the time it takes to export content search results.

    I want to reduce the time it takes to export content search results.

    When exporting content search results in the Security & Compliance Center, it takes time if the amount of data to be exported is large, so I want the ability to export in a short time.

    コンテンツ検索の結果をエクスポートするのにかかる時間を短縮したい。

    セキュリティ & コンプライアンスセンターのコンテンツ検索の結果をエクスポートする際、エクスポートするデータの量が多いと時間がかかるため、短い時間でエクスポートする機能がほしいです。

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add a do not in sensitive type type and conditions to have a "does not include"

    Need the ability to not match if the target includes xyz. For instance, match all sets of numbers like 1000-9999 except for whitelisted numbers found in a keyword dictionary. That way we could match on all combinations, except the ones we say we don't want to match on.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  15. Suppress repeat DLP alerts

    When an email triggers an alert, it continues to send them as each reply to the thread is sent.

    I believe that the users involved should continue to get alerts, but admins should have an option to suppress repeat alerts. Having 10 alerts for the same identifier does not help us investigate, it just creates noise for us to work through.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  16. Better SPAM filtering by allowing address portions to be use

    Lately a SPAM house is defeating all of my ANTI-SPAM efforts by using revolving domains, subjects and addresses. Each address has one thing in common right now, they all com from Contact@domain.com. If your SPAM options would allow me to use the "Contact@" portion of the address as a search feature, I could block a whole host of e-mails coming in. Then if they used "Comments@" Support@, or any other common tag, I could filter them out, but Outlook does not allow us to filter on a portion of the address. But maybe it should.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Encrypted Email Bug

    I activated a mail flow rule to encrypt an email when a specific word is the subject line. When an internal user receives an encrypted email and replies, the Signature drop down does not show the user created signatures. The only workaround is to change the Outlook options to add a signature to all replies/forwards. This was identified as a bug after submitting a Microsoft help ticket.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. DLP Policy Sharepoint location url filter / wildcard

    DLP policy limits to SPO sites per policy. in a shared tenant we have different data classification and DLP policies per division with lots of sites collections.
    ability to filter based upon site naming (prefix) convention <tenanturl>/sites/CO*

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  19. Advanced Threat Protection - failed to scan for hyperlink inside an email attachment.

    There is an email attachment inside the incoming email. The email attachment contains a link that points to the phishing web site. The same link can be identified as phishing in Edge or Google Chrome. I forward the same email to gmail and it can be successfully filtered. The ATP of the Office 365 needs to be strengthened.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  20. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base