Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow DLP Exclusion Based on Document name IE: DocumentName.xlsx

    To reduce the amount of DLP false positives that my organization receives, I would like the option to Exclude a document if the document name contains a keyword or phrase (IE: "Site Codes Tracking Sheet").

    This would allow for "Madison Site Codes Tracking Sheet" or "XXXX Site Codes Tracking Sheet" to not be flagged as a DLP policy violation.

    Currently one of the pre-built/default Sensitive Info Type we use is alerting on something that is very similar to the chosen Sensitive Info Type in the way it is formatted. We do not want to increase the match accuracy any higher…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  2. Rollback option for exchange related services for administrators.

    The possibility for administrators to perform a rollback for i.e. calendars and e-mail inboxes etc.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. GeoLOC Blocking

    We are seeing failed login attempts to O365 for ourselves and our clients from across the globe as hackers exploit OSINT. Please give us and our client to block login's to our company's accounts by IP Geo Locatons.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Recovery of account is impossible if you forget your password and change email addresses

    I can give every detail of credit card but you keep saying not enough to verify account. I have spoke to an agent, no help. I have been to a store, no help. All I want id the tax invoice for the AU$129 dollar paid on 6 March. No one can send it to me.
    abf_secretary@live.com.au but I have no access to this email now

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Obtain sign-out logs from O365 audit logs

    I would like to know how often internal users use O365. I would request for O365 audit logs to have a function to obtain sign-out logs for those users, so that I can check above.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Limit location specific sign in by user, not all or nothing, without having onsite servers.

    We would like to use the location specific sign in for most of our users. Just not the administrators. Also, we would like to do this without having onsite servers. These are expensive to maintain and we aren't a large enough company to afford these.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. SharePoint online has an issue with the new skin where IRM protected documents over 30mb fail on upload.

    Changing to classic view resolves the issue, can you ensure that this bug is resolved for IRM as it causes inconvenience for users.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. How to Unlock Excel Password Protection?

    Here is the smart way to Unlock Excel Password Protection via eSoftTools Excel Unlocker Tool.

    Best features of Excel Password Unlocker Software:-

    *) Recover Excel, Word, Access file password
    *) Unlock Excel (.xlsx, .xls, .xlsm, .xlsb, .xla, .xlam, .xltm) file password
    *) Three recovery attack options like:- Mask attack, Dictionary attack, & Brute Force attack
    *) supports all MS Excel versions 97 up to 2019 and Windows 10 (32-bit, & 64-bit).

    It has offered a FREE DEMO VERSION to user preview.

    Get More Info:- https://www.excelunlockertool.com/

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. MFA Authenticator App Security with iPhone Multi-Touch Display

    With the iPhone multi-touch display (currently on the iPhone 7 and future) security is bypassed. I do not have to unlock my phone to respond to a request from the Azure Authenticator App which bypasses the security of the phone. Make it so that I have to unlock the phone before the authenticator app will respond. DUO MFA already does this and it works better.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. 90 Temporary password email can be misleading

    When a user has their password set or reset, they get notification that says PW is TEMPORARY for 90 days REGARDLESS of the system wide PASSWORD NEVER EXPIRES option you may have turned on so it gives the end user erroneous and contradictory information than what the administrator may have told them.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Better spam reporting options / instructions

    I can not (ever) find how to report spam in Microsoft Exchange. The instructions for reporting all refer to Outlook, and the options given do not work in Exchange. I have two messages I currently want to report that purport having come from Microsoft.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. Mailbox block delivery to client program

    According to the new data protection law in Spain and Europe, users have the right to digital disconnection of the company during the time they are outside the company and / or during the days of leave or vacation. If they request it individually, I should be able to prevent them from receiving emails on their mobile phones and laptops (if requested), during those moments. To comply with the law.
    How can I configure this in the Outlook panel. Office365.com for my company and my Exchange users?

    The answer is:
    To disconnect the exchange service, you can execute the following…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  14. Changes in permissions in SCC should be visible in SCC audit log. It is not so currently... We were surprised to find that when one of our u

    Changes in SCC Permissions should be logged in SCC audit log. It is not so currently...
    We were surprised to find that when one of our users lost access rights (roles) to some actions in SCC, there was nothing in audit log. And when we renewed the access for him, there was again nothing in audit log. More details: Ticket 11034713.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Zero-Hour Auto Purge (ZAP) action status

    ZAP is not working (showing as failed) when a domain is on an allow list. Can you change the result to "not applicable" instead of failed? That would help identifying the root cause, because "failed" could also mean a service degradation.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. conditions

    The recent change to not allow search queries to be manually typed out in the Keyword box is negatively impacting the ability to run more complex searches in the Compliance Center eDiscovery searches. By only allowing search criteria to be added with Conditions boxes the ability to run more complex searches has been severely reduced. Please roll back this change and allow the researcher to either use the Conditions boxes or to manually write out the query using the searchable email property query language (as was the case for the past several years).

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  17. Extend The Office 365 Management API to include SharePoint 'DocumentID' in the Schema

    We have a business requirement that the Audit Logs (Office 365 Event and Audit Log) should include a SharePoint Document ID within the exported log. This allows our compliance teams to query the log's based on a Document ID and review the file actions, rather than using a ItemID or other GUID.

    Content-centric applications provide such functionality, but we have found that the Office 365 Management API provides some good benefits but does not provide the ability to extract the DocumentID against a file referenced within the Audit Logs that exists in SharePoint Online.

    It would be great if this…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  18. l

    post wot you have got would like a delivery please

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  19. Access to Remove TLS 1.0/1.1 and 3DES

    I tried to view the report for removing TLS 1.0/1.1 and 3DES (MC171089)

    My account gets logged off when downloading the report in Service Trust Portal. The Global Admin account downloads the report, but does not know where it is downloaded to, which makes it inaccessible.

    I cannot find the report from the Azure Portal.

    You make security and administration of O365 so ******* us.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Trust Portal  ·  Flag idea as inappropriate…  ·  Admin →
  20. Log time and day when an email is opened/read by a user

    While investigating an email incident, it would extremely useful to have the history of when a user first opened/read an email.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base