Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Quarantine should have a button to report phishing emails.

    I get hundreds per day and it's impractical to release them all and report them.

    Working in the Quarantine is a MESS! The GUI is something I'd expect back in the 2000's.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Language Office Message Encryption

    I believe this is a MUST for multi-national companies. When OME sends out it's generic wrapper email to the recipient, it needs to be read by the recipient in the language they are fluent in. I know it is hard to know what language the recipient speaks, so maybe the best approach is to pick the top 25 languages used in business and translate it to those 25, and place links to each translation in the top of that generic email to the user, so they can click on the correct translation and read in their preferred language.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Unencrypt Replies Automatically Based on Recipient Being Internal Not Sender

    the old OME 1 allows us to enencrypt replies automatically based on the recipient being Inside the Organization, the new version of OME only does it if the Sender is in the Organization, please allow us to unencrypt the replies coming back in to our company based on the recipient being inside the organization, it's a pretty common need

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. Portal for external users to send secure message to users on Office365 without having to force encryption for all incoming domains

    We just migrated to Office365 and noticed that we don't have the ability for customers to send us secure messages without forcing encryption on all incoming messages.

    We had a portal for customers to use and create an account, then they would be able to send us a secure message within the portal. We would like to have similar feature for Office365 but it is not available now.

    The work around for this is for the customers to call into our Customer Service Center, we then send them an encrypted email. They would need to get a onetime passcode in…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Policy Tips for Office for Mac 2016 do not display

    Policy Tips for Office for Mac 2016 do not display. The user only receives the email message if it is denied based on a DLP rule. It seems unjust that there is a discrepancy in features that function across the different OS's when the price is the same. Would like to see this working and it is NOT an advanced feature.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  6. With the Possibility to convert excel to pdf with password encryption. This is achievable with Word not excel however.

    With the Possibility to convert excel to pdf with password encryption. This is achievable with Word not excel however.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. control access to offline data

    Need to be able to remove cache OneDrive for Business, SharePoint Online Document Library and mailbox data from users devices and PCs.

    Currently a user can sync all this data to there personal devices and computers. Once they leave and O365 account is disabled, they still have access to the offline data.

    Need to be able to limit how data is accessed.
    Offline data needs to be encrypted, once the O365 user account is disabled the cached data becomes inaccessible or automatically deleted.
    The Office desktop protection or other service should phone home as soon as system is online and…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow emails sent to phish@office365.microsoft.com to contain malicious attachments

    Some emails our users send to phish@office365.microsoft.com to report phishing are being rejected by Microsoft because they contain malicious attachments. That's ridiculous. Of course a suspected phishing email might possibly contain a malicious attachment!

    Instead of rejecting the message, Microsoft should accept it and have their technicians who handle the phish@office365.microsoft.com queue working in an environment where they're not susceptible to malicious attachments.

    FWIW, the reject message is "550 5.7.1 TRANSPORT.RULES.RejectMessage; the message was rejected by organization policy" and a Microsoft tech confirmed it was due to the file attachment in support ticket number 14365410.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. In Exchange Admin Center and Content Search allow searches to be copied or cloned.

    In Exchange Admin Center and Content Search allow searches to be copied or cloned

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Have MFA challenge tell you which app challenge is for

    This would eliminate confusion when multiple txt msg's come in and not knowing which text code to put in which challenge box

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Daily Alert on OneDrive for DLP detection

    Alert is sent out only when DLP policy first detect on OneDrive. For better management, it would be helpful if there is a daily alert which contains all existing detection plus the new detection for related persons to follow up.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  12. Archive LinkedIn and other social media

    Now that Archive third-party data has been added to the Data Goveranance\Import location when will LinkedIn be available?

    Interesting that the first two connectors available is for FaceButt and Twitter but not LinkedIn!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. ATP Safelink - Display test of destination URL

    By including text displaying the original URL path, that is not in the form of a hyperlink, you would allow users to gather context that can be ascertained from the URL path. People would also be better informed before clicking a on a URL that may or may not be malicious, only to discover they would not have clicked that link if they had seen the path before they clicked on it.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. เยส

    เยส

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Security Status of Microsoft Cloud Services ("Secure", "Degraded", "Compromised", etc

    We had an issue this morning where our filtering provider marked all Microsoft traffic as suspect. I do not know at this time was what triggered the event, but the provider could not provide assurance on as a false positive. I have nowhere to look on My tenant to verify this claim. As Microsoft’s presence in the cloud grows it becomes a very attractive target and no site is immune. I would think there would be a resource somewhere on the Microsoft site or my tenant that would provide a security status. Obviously this dashboard would not have details, but…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. Christel Mehnert, Wittenbergstr. 2 A. 39576 Stendal, Deutschland

    Es wurden am 23.05.2017 69,00 € von meiner Kreditkarte abgezogen von Microsoft zur Verlängerung meines Vertrages von Office und ich habe ein Schreiben erhalten, dass Office 365 für 1 Jahr verlängert ist.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  17. Ability for customers to initiate encrypted email to us via a link in the signature line

    We currently use ShareFile and have an upload icon in our signature line. This allows the client to send us encrypted files using the "File Drop" feature by pulling up any previously sent emails by our company. I would really love to see the ability to have the client click the Upload icon in our signature line and be able to initiate an encrypted email back to us using O365.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. I ran a malware test from https://www.emailsecuritycheck.net and Outlook 365 failed every test.

    I ran a malware test from https://www.emailsecuritycheck.net and Outlook 365 failed every test. My suggestion is to perhaps check for malware?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  19. Automatically adding user who took specific actions to the recipients of the alert policy notification message

    We need to set recipients who receive the alert policy notification in advance, but I want the message to be sent automatically to the user who has taken actions as well.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Seperate Encryption Policy/Label for Emails

    We can apply/create a label under security classifications for files, and/or emails AND files, but not just files.
    When creating a default policy, it is applied to ALL MS Office components.
    If an email is sent to an external party who is not part of the tenant, they cannot read the message body AND the encrypted attachment.
    They would not be aware of the messages contents, to be aware there was an encrypted attachment (which they should not be able to open). There only option is to reply, and ask 'was this meant for me??'

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base