Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾ Check out the ideas others have suggested and vote on your favorites
◾ If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾ Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  1. Auto expiring transport rules.

    It would be very convenient from time to time to have auto expiring transport rules.
    Just a date picker when the rule should be auto disabled and automatically append the comment field when the rule was auto disabled.

    2 votes
    1 comment  ·  DLP & Transport Rules
  2. Allow tenants to create custom Mail Flow alert policies

    The default "Messages have been delayed" policy has a minimum value of 200. For small tenants, this number is too high and it could take several hours to be notified of an issue. Currently, there are no additional Mail flow options to create a custom rule. Please allow tenants to customize alert threshold based on their environment.

    2 votes
    0 comments
  3. Use Office 365 Management Activity API to detect the spoofing of the external sender

    It would be great if the O365 Management Activity API could detect the spoofing of the external sender. Specifically, we would like to use Office 365 Management Activity API to retrieve Teams logs for messaging actions between internal to external and vice versa.

    2 votes
    0 comments
  4. Provide a flowchart for tracing mail flow through Exchange Online.

    This is a great way to trace through all the filtering of Exchange -

    https://technet.microsoft.com/en-us/library/aa997242(v=exchg.141).aspx

    would love to see this for Exchange Online to prove that a user's allow/block list supersedes the spam policy.

    I've seen other articles showing order of priority - but not a flowchart that can be traced through.

    2 votes
    0 comments  ·  Message Trace
  5. Advanced Threat Protection Plan

    Wanted to ask if Microsoft have any plans to add "Advanced Threat Protection" to the rest of the Office 365 plans instead of just the Enterprise E5 plan only? I think it would be a wonderful addition to all the plans to have this active to protect end users' emails. The URL Detonation and Dynamic Delivery functions are needed in the rest of the plans and they add great functionality for all.

    Thank you.

    2 votes
    2 comments  ·  Spam & Phishing
  6. Cut access to shared documents of deleted users

    Access to shared documents and folders of a deleted user shouldn't be possible.
    I've deleted a user, but other users still got access and could edit documents that the deleted user had in its OneDrive. Those users, and I, were complaining that about 30 days later the documents they edited during that time simply vanished and they've lost 1 month of work on them.
    After deleting the user, his documents should automatically be inaccessible, even because the deleted user can't access them anymore, but the others do!
    And more, if that user has shared documents you don't approve, deleting…

    2 votes
    0 comments  ·  Advanced Security Management
  7. Local Time Zone change facility is required in admin portal as it is difficult while tracing emails with respect to Local time zone, i.e. IST

    Local Time Zone change facility is required in admin portal as it is difficult while tracing emails with respect to Local time zone, i.e. IST with UTC.

    2 votes
    0 comments  ·  Message Trace
  8. Ability for global admins to see partner activity logs within audit reports

    A partner has made changes to my account which locked me out of my services and their activity is not showing in any of the audit log reports

    2 votes
    0 comments  ·  Reports
  9. Unable to obtain complete summary report from DLP web reporting which has been verified by Microsoft Technical support team.

    After checking with Microsoft technical support team, it's confirmed that we can't extract complete DLP summary report from the web interface. We can extract the report but the records are not complete for the fields like Policy Type and Policy Rules.

    Can you fix this?

    2 votes
    0 comments  ·  DLP & Transport Rules
  10. Customize Security & Compliance Alert Template

    I created a compliance alert to notify me when anyone downloads a file from a particular folder in SharePoint. But to see what was actually downloaded I have to click "investigate" in the email message and click about 4 times to drill down to the information. I'd like a way to customize the email alert to tell me the name of the file that was downloaded, without having to go through the 5 clicks to find out what it was. It would save a lot of time.

    2 votes
    0 comments  ·  Service Trust Portal
  11. Provide reporting on what messages hit custom spam policies, so that we know how effective the custom policy is.

    Get-HostedContentFilterPolicy
    It seems reasonable to expect that we could track which emails get addressed by the custom spam filter, whether in specific details or simple report numbers, to ensure it’s working for our customers as expected, and for fine-tuning or troubleshooting.

    2 votes
    1 comment  ·  Spam & Phishing
  12. Allow administrators to apply corporate branding to the ATP Safe Links blocks and scanning pages.

    The warning pages displayed when a user clicks on a blocked link or a link that is being scanned look very general. It would be helpful if we could apply some basic branding to these pages, with company logo and name. This way, users see immediately that the pages are valid and not some sort of scam.

    2 votes
    0 comments  ·  Spam & Phishing
  13. Unable to co-author Excel sheet to work together

    We have E3 license & E1 license where they can't work together on the same Excel sheet simultaneously. Only E3 - E3 co-authoring is working, but not E3 - E1; it is throwing an error which has to be fixed.

    2 votes
  14. Allow admins to query mailbox search history for security investigations

    When we conduct mailbox compromise investigations one of the items we review with the user is the mailbox search history. We use the below method to pull this.

    https://support.office.com/en-ie/article/delete-search-history-or-export-search-history-in-outlook-on-the-web-582647f4-fae8-46ed-9f78-49b919ddfc69

    Would it be possible to make this information accessible through the security and compliance center to help determine if an intruder was running searches in a compromised user's mailbox? Is there any way to get timestamps to identify when these searches were run? Or just make mailbox searches a new line in the audit logs?

    2 votes
    0 comments  ·  Auditing
  15. "Apply this label by default to documents and email" should be two different line items to check

    Under Security & Compliance policy settings, "Apply this label by default to documents and email" should be two different line items to check; separate email out. I want to be able to set all documents as internal and not have all emails inherit the same tag.

    Make it "apply this label by default to all documents"
    and "apply this label by default to all emails"

    2 votes
    0 comments
  16. allowed domains: list upload should ALSO work in the new admin center

    June 2019: When using the Exchange Online Admin center; protection; Microsoft keeps warning that this has been replaced in 2018 with https://protection.office.com . However several features do not work or do not work well in the new site. For instance going to https://protection.office.com > Policy > Spam , trying to add a list of allowed domains should work by pasting them separated by semi-colon (;). The list just never takes. Confirmed by Microsoft support.

    2 votes
    0 comments
  17. Unable to search Audit Log by UserLoginFailed

    I am unable to search the Audit Log for UserLoginFailed. (Security & Compliance\Search\Audit Log Search) The entry is found under Activity but cannot be searched online. This feature would be useful when looking for accounts that are/were under attack.

    2 votes
    0 comments  ·  Auditing
  18. ATP impersonation safety tips customization with different color highlighting

    ATP impersonation safety tips customization option must be enabled with a different color, preferably RED, so that the users who receive the email will be aware that the email is not genuine/phish/spam.

    2 votes
    0 comments  ·  Spam & Phishing
  19. Is there any virus scan being run?

    Can you scan incoming emails for attachments containing malware? When we used Websense, they scanned and blocked them all. With Microsoft "security" they are flying in like a knife through tissue and into my user's mailbox.

    MS tech support has me block the sender's IP address after the email has flooded the office, but the blatant stupidity of such a solution needs no further discussion.

    2 votes
    4 comments  ·  Malware
  20. Compliance Manager does not seem to be secure by default

    I think Compliance Manager (https://servicetrust.microsoft.com/ComplianceManager) should be restricted to users with Compliance Administrator role in the tenant. It appears that any users in the tenant can view Customer Control details and this may expose sensitive information to users unauthorized to view details.

    2 votes
    0 comments