Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. MFA for OME

    Allow MFA instead of OTP in Emails. If a users email account is highjacked, the OTP is nearly useless. With MFA instead of OTP it would increase the security a lot.

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • Add other products to service trust portal

      As a CEO of a UK SME Microsoft Gold Dev Partner, we are like all SME's overwhelmed by GDPR and other compliance needs. The Service Trust Portal is Excellent. But only covers office 365 and Azure. I wouldnt expect microsoft to assess or be responsible for 3rd party products but, the system is lovely and easy to use so, it would be great if:
      1. There were API's or other extensions we could use to develop our own "plugin" to the trust centre so that we could allow our customers to manage GDPR for our application in the same way…

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Service Trust Portal  ·  Flag idea as inappropriate…  ·  Admin →
      • Supervion email report results are slow to update in Security and Compliance portal

        Email supervision documentation suggests the supervisory email report is way to view "live" activity. The report is very slow to include new activity - a minimum of 24 hours and even longer seems to be the norm.

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • Allow E-Discovery for Exchange Online Archiving

          We are at the moment in a hybrid scenario where part of our users have their mailboxes on premise and the archives in Office 365. Recently we noticed that we do not have any option for actually exporting the Exchange Online Archive contents to a pst, outside of doing it from Outlook (we are in a Citrix environment and users are located in different countries so that would not be easy).
          It would be great if we had an option to search/export the archive contents for hosted archives.

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
          • How do I get admin rights on my PC: I cant even access this portal and this is my personal PC https://portal.microsoftonline.com/.

            Please can someone contact me to help me get admin rights to my personal PC. Cant even log on to this portal and I own office 365?

            https://portal.microsoftonline.com/.

            can someone please help

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
            • Delay in DLP admin alert mail.

              Delay in DLP admin alert mail which is coming from office365lerts@microsoft.com. Delay time is 10 to 30 min.

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
              • Auto-run queries and auto-save files

                Allow specified queries to run at a pre-determined time every day and send an email notification if there are any hits on the word search. And, automatically save an audit file to a specific drive.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
                • Multi-cloud support for Microsoft 365 PAM

                  Support for non-Office 365 and other cloud service providers through privileged access management in Microsoft 365 (e.g. Salesforce, Dynamics, SAP, Service Now etc.)

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                  • Journal unencrypted messages in original format when JournalReportDecryptionEnabled is set to true

                    Currently when JournalReportDecryptionEnabled is set to true, the archive mailbox gets an unencrypted message with a winmail.dat attachment. The winmail.dat attachment contains the original unencrypted message.
                    Instead, it would be much more desirable to simply journal the original message in unencrypted format.
                    For FINRA (and possibly other agencies) regulated organizations, this is required so that the journaling provider is able to properly index and search journaled messages.
                    This is causing us to have to use a 3rd party product for message encryption and we'd love to be able to keep that all on Office 365 instead.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • Advanced Threat Protection and Safe Links

                      We had an email with a link that was pointing to web page with multiple link, none of them safe. One of the Phishing URL brought up a spurious Microsoft Office login page. The Safe Link process of ATP failed to stop this email which was delivered as safe. Safe URL scanning should check everything, going as deep as needed to check for possible threats.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
                      • Add PCI DSS as an assessment to be performed

                        It would be nice to have PCI DSS as an option to track in security and compliance (mainly having microsoft respond to the service provider controls and then I can complete the customer required contols).

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • Automatically prompt to install .NET Framework 4.7 when the new eDiscovery Tool is prompted to download

                          I shouldn't have to have to hunt for a separate installation of .NET 4.7 when our users have to download a new version of eDiscovery. It should automatically install with the tool if not installed.

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
                          • Separate area to BLOCK email addresses and domains (not allow it to get to the user, or use transport rule space)

                            A block list (email addresses and/or domains)
                            - which doesn't use up 8K of transport rule memory
                            - which BLOCKS it (block should mean BLOCK). Blocking should NOT ALLOW IT TO GET TO THE USER (even if it's their Junk Mail).

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
                            • Security-sensitive SMB forum (Drs, lawyers, finance, audit...). Community trust providers need security feature attention ASAP.

                              Basic legal compliance needs shared by many important specialty community trust providers will not be served, if only votes are used to determine features.

                              The best of high trust industry providers are of minority size (i.e., professional dr, lawyer, finance, audit, IT security firms). But, this minority serves the vast majority's sensitive needs (both consumer, commercial, and government) with fundamentally important trust at the core of their services.

                              So if the majority wants secure bank/health/educational/location records - then supporting the shared needs of these high trust minority providers is key to helping solve bigger problems.

                              For example, a simple process…

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
                              • Hate UserVoice. Is limiting my ability to sign petitions on topics I care about!!

                                Hate UserVoice. Is limiting my ability to sign petitions on topics I care about!!

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
                                • Intune Policy based deployment

                                  Policy based deployment which at least encompasses capability to automate deployment of updates. e.g. Granular calendar based control to deploy say deploy all security updates to these specific groups on 21st of every month etc. You may want to use the new Azure AD dynamic grouping, at this time I know nothing about this as it's not rolled out yet.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
                                  • I had a great support from Office 365 Security team this week. I was constantly attack via phone.

                                    I had a great Support from the German SecurityTeam of Office 356 this week (Mr Demtschenko). He made great efforts to help the attacks I was getting by phone and investigatet that the number that called me was suspicous, plus, the method they used (looking up one´s Computer ID) was faked by telling me some number that is installed in all Computers with Micrososft installed. A good advice to prevent such Information is eventually to inform customers ahead, in what cases one should be suspicious to fraud or phishing as for instance, calls from "Microsoft Headquarter".

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Attack simulator spear phishing template variables

                                      In the attack simulator to run a spear phishing attack, the template variables are only username and URL. Adding another variable for email address would be helpful in addition to these as email address is often the user ID for many accounts, so being able to display the email address in the template would further simulate true attacks.

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Advanced Threat Protection Wrongly processing all tenant users with the same domain

                                        If when creating a rule for Safe attachments or safe links domains are selected instead of individual users, everyone in that domain gets the ATP service regardless of subscription. It is great to have multiple rulers when you want to apply different rules to different users, It is a burden to have to enter and maintain these lists when the rule applies to all users with the ATP subscription.

                                        Request is to put an additional logic in the tool when domain is selected to check if the user has the ATP subscription before applying the rule and ATP process.

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Support for multi-values in Asset ID in event-driven retention

                                          When using event-driven retention, users apply a label (that's tied to an event type) and an Asset ID to documents. I believe right now only a single value can be entered into Asset ID. Is there any plans to support multiple Asset ID's (i.e. make Asset ID a multi-value field)?

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base