Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. not seeing channel or private channel names in communication compliance policy results

    Not able to see Channel or Private Channel names or pchat group names in results. It makes it extremely difficult to distinguish where the results are from. Even between chat and channel is difficult - the only way to know is looking at the recipient name. It would be great if there were columns for TEAM Name, Channel Name, Private Channel Name, and pchat group name, etc.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Communication Compliance  ·  Flag idea as inappropriate…  ·  Admin →
  2. Loan and CD account numbers

    Please include Loan numbers in the U.S. bank account number definition. Most other types of bank accounts are in there but types of loans (mortgage, HELOC, etc)

    Also, certificate of deposit numbers

    Thanks

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  3. Release a Phishing Login server URL from the security blocker

    I would like you to release a Phishing Login server URL from the security blocker in the users’ environment. The URL is set when simulating a phishing attack by using Attack Simulator in Office 365. Because it would be blocked, we can’t review the page shown after entering credentials, and we can’t actually test the effects. So I would like you to release the URL from the blockers in a security software or browser security.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Create and import new policies in MCAS using Powershell

    Currently it is not possible to create new Microsoft Cloud App Security policies using power shell module.

    Also, no possible to import these policies from Powershell.

    This would be useful it a customer has multiple tenants and would like to keep them aligned.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. License report

    Create license reports per O365 subscription. example: E1, E3, Project Online, Visio, Power BI, E5, etc? with end user login, UPN, Country, purchase date, last usage date.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  6. Advanced eDiscovery Reviewer Role

    After creating an eDiscovery Case I want to release it to my customers to view/tag/interrogate but not change. The Reviewer role should do this, but in v2 it does not appear to. A role is required to allow viewing/tagging etc, but leaving the data selection un changed is a major requirement to this software.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Edit custom sensitive information dictionaries without Power Shell

    Editing custom sensitive information dictionaries using Power Shell commands is cumbersome and it would be great to be able to edit them in the GUI.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  8. office 365 does not work

    office 365 outlook doesn't sort, doesn't load, doesn't send, basically doesn't work. i have updated loaded, reloaded, reloaded, updated, deleted, reinstalled, updated, reinstalled, reloaded.

    doesn't work

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  9. password manager like lastpass or keypass

    I would like Microsoft to develop and offer a password manager like lastpass or keypass to manage all kinds of login credentials.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Imporve Mailbox usage Filter - to see usage of shared mailboxes - if need reach limits of 50GB it needs a Online plan 2

    When a shared mailbox reaches his limit of 50GB, it need a Online plan 2. We tried to achieve this by the portal.office.com but we cannot filter the csv usage list on user mailbox and shared mailbox.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  11. SCC should support Azure AD roles and PIM

    Azure AD and PIM have several roles to managed security products across the Microsoft cloud.

    Some of these roles are:
    Compliance Center Administrator
    Security Administrator
    Security Operator
    Security Reader

    However, these sometimes work and sometimes doesnt work. If you contact Office 365 support you will be told that Azure AD roles and PIM are not supported for Security & Compliance Center, even though the documentation several places says it is.

    If you attend Microsoft presentations or webinars they always recommend the same thing: always use Azure AD roles and PIM, which is weird when Microsoft support says its not supported.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. ContentType

    There are content types Audit.General, Audit.SharePoint, Audit.Exchange, Audit.AzureActiveDirectory and DLP.All but did'nt find content type returning data for "Security And Compliance Centre".So i think this should be added to microsoft doc.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  14. Make the sending of a Reissue notice optional instead of automatic when portal content is edited.

    In the Advanced e-Discovery module the system is set to automatically send a reissue notice when the portal content is edited. This means the portal content has to be completely edited and ready for viewing in one sitting. That isn't realistic for a complicated hold memo. Sending a reissue notice should always be an option.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow for DLP exclusions to occur at the folder level in SPO rather than just at the Site level

    It would be great to exclude a specific folder from being scanned by DLP rather than having to exclude the entire site from scanning. If you follow a "least privilege" type of model and only exclude what is actually needed, it would be a better safer solution.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  16. Auditing Problems

    The current problem is that the SIEM is receiving logs that states the following:

    • In-accurate logs regarding Sign-ins from outside of Original Country: these logs state that there is a successful login from outside of the Original Country
    • Delay in receiving the logs from Microsoft office365: sometimes the logs are delivered 24 hours after the event actually happens.
    • In-accurate logs regarding successful Sign-ins for users that does not belong to Domain

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  17. "Australia Bank Account Number" Data Loss prevention

    It seems that the "Australia Bank Account Number" type hasn't been fully setup with its relevant keywords
    It might have been copied from other countries such as the US details (usa account) which is not relevant.
    It would be great to have the Australian keywords such as Bank Account Number, Bank Account, Account Number, Savings Account, BSB, and so on added to have a more certain detection rate for its contents.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  18. Advanced Threat Protection - failed to scan for hyperlink inside an email attachment.

    There is an email attachment inside the incoming email. The email attachment contains a link that points to the phishing web site. The same link can be identified as phishing in Edge or Google Chrome. I forward the same email to gmail and it can be successfully filtered. The ATP of the Office 365 needs to be strengthened.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  19. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. The Concept of "Event" in M365 'Records Management' is Way Too Convoluted And Error Prone

    We need an easy way to create "events." Just reading through the documentation gives me a headache, and really there is nothing about this flow that simulates a "real-life" event. Why can't we create an event and all the supporting labels, and minutia?

    This is far too complicated and downright strange in my opinion. E.G. "An event is a specific occurrence of a predefined event type. Event types are associated with labels that, when applied to content, classify the content as that specific type. If an actual event occurs, such as a user leaves your organization, you'll create an event…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base