Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Email notification when a device is unenrolled from the Office 365 MDM

    Would it be possible to implement an email notification when a device is unenrolled from the Office 365 MDM? Right now, if a user has administrator rights to the enrolled device, they can unenroll it without any notification being sent to the IT staff.

    Thank you

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Data protection and the possibility to delete part of received mails.

    Hi Microsoft, With the new European personal data protection legislation soon to to apply, it would be a great help if we could have a possibility of deleting personal information in incoming mail (without resending and deleting original mail, as this may be part of a longer discussion which we actually need and where we would also want to trace other part of the mail correspondance for further use). Senders are not always aware not to add 'personal dataprotected bits of information in e-mail, and often it is part of normal day communication to disclose that you have been ill…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  3. Sanitize content from any sensitive information type prior sharing outside organization

    Scenario will be to trigger a DLP policy on a specific sensitive info type within a document or email.
    Then trigger an action to clean/sanitize any sensitive info type found and potentially replace it with a note.
    End goal will be to enforce a least disruptive DLP policy for end users allowing them to share content outside the organization with safety net of replacing sensitive info type automatically.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  4. Left User One drive and migrated to New user ONE Drive

    I understand this requirement is import to you. I also tried my best to try to escalate the case for you, but it’s declined because this request is out of our support boundary. According to our process, non-support features cannot be escalated.

    Really sorry that I cannot be more helpful. To not waste your time from our side, I’d like to recommend you submit the request via the following channels. We have limited resources regarding some issues and requests, but the following support channels may help you further with more options:

    Premier support: https://premier.microsoft.com

    MSDN Forum: https://social.msdn.microsoft.com/Forums/en-US/home
    Partners support: https://pinpoint.microsoft.com/en-us/

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Database move activity

    We have faced one issue, as during the database move activity over cloud has enabled few features of the Mailboxes that we have disabled for our domain.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Is there any way to enlarge the widget for 'Origin of threats' - it's the tiniest of heat-maps. I'd love to see it full-screen

    The origin of threats widget is so tiny - as to be nearly useless. It's a fascinating look at detected threat origination - but the widget is so tiny, I'd love to be able to pull up a full-screen view.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  7. Content Search "Item Identity" is not the same as the outlook graph api ID value

    If the content search results file "Item Identity" value matched the id value returned by the outlook ms graph api, I could pull my results via API and avoid filename/path size issues when investigating with my tools. Or give me a way to iterate on these messages without having to download, via powershell, would work OK too.
    Thanks.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Microsoft Ticket 7765577 Email address: sales@garrtool.com An outside person used an unprotected page of our Web Site to generate 100,000

    Microsoft Ticket 7765577 Email address: sales@garrtool.com

    An outside person used an unprotected page of our Web Site to generate 100,000 emails. On Sunday April 1, 2018 10,000 emails were send and then Microsoft blocked the account and then Monday April 2, 2018 before we opened for business Microsoft open the account again and 10,000 more were sent out and Microsoft blocked our account again. When we started work we found a lot of rejected emails and that we could not send emails. We shut down the Web Site until the bad page was turned off and later fixed with a…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Governance

    Data Governance - SharePoint and OneDrive Default Retention labels and Asset Id from Folder

    Documents without retention labels already applied (or documents that have their labels cleared, None) which are placed in folders with a Retention Label with an Event Type, should get both the Retention Label as well as the Asset Id (ComplainceAssetId) that is set on the folder the document is placed into.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add new rule "Allow region "in conncetion filter under mail protection in office 365 admincenter.

    Employee's email ids has to work in specified country region. so we can protect misuse of email logins in other regions.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  11. Status Update Sync Interval

    When performing an action, such as soft delete, on email(s) via the "Hunting" tool, the status remains "In progress", long after the emails are successfully deleted. When going back to review the logged incident, the status does indeed update to "Completed", however this does not occur for hours after the initial action was taken. I would like to see this sync time decrease to update the status quicker.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. メール送信者自身の監査

    メール送信者自身の監査ログが見る事が出来ないようなので、メッセージ追跡(最大保存90日間)やコンテンツ検索ではなく、監査ログの内容が見れるようにしていただきたいです。

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. do not block safe sites

    My idea is that you should not block a perfectly good site. I was receiving information regarding an ornithological research project and you blocked it.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Track all URL clicks in ATP (Blocked or Not)

    Currently, ATP SafeLinks only logs clicked URLs once they've been blocked. We have no way of tracking users that clicked Blocked URLs that ATP previously considered safe.

    Please track ALL url clicks regardless of their disposition and make this available via the Get-URLTrace powershell command.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  16. Physician, heal thyself.

    Anti-spoofing measures are a bit of a joke when Microsoft just spoofed my email address to spam my kids about Family Notebook.
    Speaking as a consumer, I can assure you this was a very poorly conceived piece of marketing.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Emails in the junk folder still ask if we want to send a read receipt. Seems like a security concern

    If I have labeled a sender as junk, it seems risky for my to have to click on something thy have sent. If I have classified them as junk, I would rather not be asked to send a read receipt

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow verification that auditing is turned on via the Security & Compliance Center

    A simple page where O365 admin users can view and verify whether or not auditing is turned on

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  20. restrict connection to office365 or Exchange on-line specifically, from computers connecting through one internet IP address.

    This might be possible already, but the tech who assisted me with case number 10611929 did not mention how to do this, but all company computers are behind a single internet gateway with a single public IP address. We wish to limit email pickup to computers behind that address and allow no others, although there mat be a couple of exceptions (not sure how that would be done, but anyway...)

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base