Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Kindly include the condition - 'Deleted Items' (to retrieve all deleted emails) from search content of Administrator - protection.office.com

    Kindly include the condition - 'Deleted Items' (to retrieve all deleted emails) from search content of Administrator - protection.office.com

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  2. Audit Log is missing logging adding Everyone except external users to a SharePoint library

    When a the "user" of Everyone except external users is added to a SharePoint library, the audit log is not logging the Activity of Shared file, folder or site.

    If Everyone except external users is removed from a library, the audit log is logging the activity of Unshared file, folder or site.

    This is more of a bug than an enhancement request. I've tested this across different libraries and sites and the results are always the same.
    This become problematic from a compliance perspective because I can't say...here's who did it and when
    .

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Outlook 365/2019 add in for Supervision policy's.

    Integrate the supervision policy when your are a reviewer to outlook for a user friendly place to monitor supervised emails. Add in alerts for these policy's in a range of severity and importance. Having to login to the 365 security portal to check the policy is too time wasting and sometimes forgotten by admins

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  4. Audit log should show external user email address

    Currently if you share a file or folder with an external user, there is an entry for this in the audit log but it doesn't include the email address of the external user that the item was shared with.

    In the Detail column you just get something like: Shared with "SharingLinks.a5988447-2fe5-47d4-a850-1d26aab08851.Flexible.9dfe9eb2-7288-4171-b439-e6fd3526b489" ("SharePointGroup")

    Thus it is impossible to tell who something has been shared with!

    It'd be much better if instead it said: Shared with someuser@domain.com

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Increase number of emails to be previewed in Contents Search

    Exporting PST data and importing it via Outlook takes time. If user could view all email items in Content Search Preview, it saves user's time.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  6. Export extended fields from alerts to Graph Security

    The alert that is sent from Office 365 to Graph Security contains very little context for the alert.

    For example, an alert that triggers when a DLP policy is matchedfor an email sent outside the organization, the alert in Graph Security contains only the user who sent the email.

    In the SC&C portal, if you expand the activity list of the alert and expand more information there are fields such as "PolicyDetails", "ExchangeMetaData", and "EnrichedFields" that contain who the email was sent to, the messageID, the sensitive info types, etc. all of this contect should be in Graph Security.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add the ability to see the total number of attachments reviewed by ATP

    We would like to be able to see the total number of attachments scanned by ATP so we can compare that with the number of malicious attachments. Currently, the only similar comparison we've been able to make has been between malicious attachments and total emails received (this conclusion was also confirmed by the support team). As we support organizations regularly receiving tens of thousands of emails a day, and because most of them don't contain attachments, this comparison is really not useful. Our goal is to better identify the risk facing these organizations and the effectiveness of our tool set.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure MFA not compatible with Intune Mobile Device Management

    We have been using MFA and wanted to try Intune MDM to replace our existing product. If MFA is enabled on an account you can enroll the device but when you push the email profile there is an error connecting to the email O365 server.

    Authentication method: Select either Username and Password or Certificates as the authentication method used by the email profile. Azure multi-factor authentication is not supported.

    https://docs.microsoft.com/en-us/intune/email-settings-ios

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  9. Edit custom sensitive information dictionaries without Power Shell

    Editing custom sensitive information dictionaries using Power Shell commands is cumbersome and it would be great to be able to edit them in the GUI.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  10. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  11. Notify designated tenant administrators when added to EOP IP Block list

    Currently EOP can add valid IPs to block list (error 5.7.606). If that happens send notification to tenant administrators with reason/evidence of the malicious activity

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Trust Portal  ·  Flag idea as inappropriate…  ·  Admin →
  13. Concerning the default “Suspicious email sending patterns detected” alert policy

    *English follows Japanese

    ■Title(件名):
    既定で作成されるアラート ポリシー ”Suspicious email sending patterns detected” について
    Concerning the default “Suspicious email sending patterns detected” alert policy


    ■Description(内容):
    ここ数週間のうちに ”Suspicious email sending patterns detected” の通知が頻繁に管理者に送信されています。
    通知の対象となっているアカウントを調査したところ内部のシステムに利用される ”SPOARBITRATION” であることが判明しました。
    しかしながら、”Suspicious email sending patterns detected” は既定で作成される通知のため、設定内容を変更することができません。
    システム アカウントを検知しない機能の拡張、及び通知されるアカウントの種類を変更できる機能の拡張を要望します。
    Every few weeks, our administrators are frequently sent a “suspicious email sending patterns detected” notification.
    If we examine the account that caused it, we can find the system’s internal use SPO
    ARBITRATION is involved.
    However, since the “suspicious email sending patterns detected” alert is created by default, it is not possible to change the settings on it.
    We…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Changing Account Details in Office 365

    It would be a great feature to allow users to manage their own account details, such as
    .) mobile number,
    .) address ...

    Today only administrators can do this!

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. azure audit log

    Audit logs should have its own blade and option to configure the feature to notify when certain things are triggered. Changes to critical areas that can affect entire Org or granular to a single user. Azure audit logs should be more than 30 days.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Provide just ONE powershell module for all O365+Azure functions

    The powershell management for O365 (or M365) is ridiculously complex.

    https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-all-office-365-services-in-a-single-windows-powershell-window

    Microsoft itself had to provide documentation for managing 5 different modules in a single Window. Instead of just writing its powershell modules to not require such a convoluted work around.

    Even with this documentation there are multiple glaring problems

    1.) This documentation does not work in PS Core, which Microsoft has clearly been pushing as a successor to Windows Powershell. This documentation is inconsistent with Microsoft's own roadmaps.

    2.) This documentation does not work for admins using MFA/Conditional Access. EXOv2 sort of resolves this and does work, but it…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Issue Blocking foreign login attemps from other countries

    I have windows Server 2012r2 using ADFS 3.0 we are getting brute force attacks from other countries that are trying from different IPs and usernames and passwords. Upgrading to 2016 is not cost effective and 2012r2 is still suppose to be supported.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Make dealing with spam easier

    Your Quarantine page(s) aren't very helpful. I accidentally - in the email I get once a day telling me which emails have been held - clicked on "Block Sender" for an address I still want to be able to send to me. For the life of me I can't find where I reverse this decision.

    In addition I cannot find a way to release emails. I select one, or more, click on "Release message" OR "Remove from quarantine" and no matter what I refresh or reload, it is, or they are, still there. What's going on, please?

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Search Content - File Type Condition

    Allow Exchange Online to use the "file type" condition(i.e. Generating a report for inbound emails that contains specific file types - html, docx, pdf). I was informed by MS support that the specific condition is only applicable to SharePoint Online and One Drive.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  20. dhiod,frlc,ndn

    sjd,gmcfmvdmcvmnfxb v

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  • Don't see your idea?

Feedback and Knowledge Base