Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾ Check out the ideas others have suggested and vote on your favorites
◾ If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾ Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  1. RBAC ManagementRules does not apply to Outlook

    It should not be possible for Outlook users to bypass Management Rules created in Exchange via PowerShell.

    I created a new Management Rule where the user is not allowed to change the ExternalAudit in MyBaseOptions.
    It applies to OWA, but if a user uses Outlook he is still able to change that.
    This means that Outlook bypasses the RBAC security model, which should not be possible.

    3 votes
    0 comments  ·  Advanced Security Management
  2. Improve whitelisting with a configurable trust score applied dynamically to spam confidence levels

    The current approach of whitelisting is a very binary approach of defining trust as either completely trust or distrust from a point in time for a sender/domain/IP.

    Companies you trust today might be breached tomorrow, domains or IPs may be sold and individuals may suddenly act maliciously. Most rule sets stop filtering past the whitelist, which could result in malicious mail from a compromised partner being allowed into your systems.

    Therefore a better alternative would be to allow a "trusted" sender/domain/IP list that would allow you to dynamically reduce the Spam Confidence Level (SCL) of an email by a configurable…

    3 votes
    0 comments  ·  Spam & Phishing
  3. Better SPAM filtering by allowing address portions to be used

    Lately a SPAM house is defeating all of my ANTI-SPAM efforts by using revolving domains, subjects and addresses. Each address has one thing in common right now: they all come from Contact@domain.com. If your SPAM options would allow me to use the "Contact@" portion of the address as a search feature, I could block a whole host of e-mails coming in. Then if they used "Comments@", "Support@", or any other common tag, I could filter them out, but Outlook does not allow us to filter on a portion of the address. But maybe it should.

    2 votes
    0 comments  ·  Spam & Phishing
  4. blocked word

    The list of sensitive words that are blocked by default by EOP/FOPE should be known to the IT admin or available to Support persons.

    Otherwise the IT admin will create rules to block them. Another thing: there is a limit of 8192 characters, which should be increased; otherwise we will have to create a number of rules to block those words.

    2 votes
    0 comments  ·  Advanced Security Management
  5. Legal Hold Custodian Report

    Legal Hold Custodian Report Export that includes custodian names, email, and data sources for each custodian.

    The "Export" function just exports the case names, status, created date, "last modified date", and "last modified by".

    It would be great if we added "custodian name", email, Role, and status to that report.

    We provide monthly status reports to inside counsel and manually add the custodian data to each case.

    2 votes
    0 comments  ·  eDiscovery
  6. Please add Disable-TransportRule and Remove-TransportRule under the activities to limit your search

    Please add Disable-TransportRule and Remove-TransportRule under the activities to limit your search when doing report auditing.

    2 votes
    0 comments
  7. Connection Filter - Block Spam/Spoofed Email by IP address Range

    It would be very helpful if we could block an IP range. I get quite a bit of spoofed spam that I backtrace to server farms/colocation centers. If I could block their IP range, I could effectively stop the spam regardless of the spoofed sender email addresses. These large server farms/colocation centers are conduits for spam.

    Thank You!

    2 votes
    0 comments  ·  Spam & Phishing
  8. Approve certain email addresses

    I would like to be able to approve email from certain addresses so it never gets quarantined.

    2 votes
    0 comments  ·  Spam & Phishing
  9. Theme

    It isn't possible to have a different "theme" if Office is installed on several PCs.

    Please can you correct this point?

    Sincerely yours,
    Georges. Gassner

    2 votes
    0 comments
  10. list of all the admins who changed a user license for another individual

    It would be nice to have a report that showed who modified an individual's license inside compliance.

    https://community.office365.com/en-us/f/148/t/445348

    2 votes
    0 comments
  11. Stop blocking all links in Outlook, including links to very safe sites. It is really annoying and makes outlook useless!!!!

    Worst roll out ever!

    Needs a user selectable threat level, or a user yes/no on blocked links, as right now it is blocking everything! and there is no obvious way through. It's driving me nuts!!!!

    2 votes
    0 comments  ·  Advanced Security Management
  12. Block messages if MAIL from and RCPT TO do not match for our own domain

    It seems you can bypass SPF and DMARC filters by using different legitimate "Mail From" and "RCPT To" addresses. This allows a form of CEO fraud to continue. What about blocking inbound emails from our own domain if the "MAIL FROM" and "RCPT TO" do not match? Your phishing detectors might be able to learn from this as well.

    2 votes
    0 comments  ·  Spam & Phishing
  13. allow a mailbox to be excluded from filtering

    We have a policy of asking customers (not end-users) to send emails/sms/whatsapp messages that they do not trust to a 'fake-email' mailbox, so we can investigate who is impersonating us to our customers and work with authorities to take these parties down.

    With the strong spam filter on Exchange Online we do not get all these emails. Is it possible to allow a special mailbox for this purpose?

    2 votes
    0 comments  ·  Spam & Phishing
  14. Allow downloading malicious attachments in a password protected archive

    When attachments are detected as malware, upon downloading from O365 Security & Compliance for further investigation, Defender immediately recognizes the malware and deletes the files. To allow further manual investigation or submission to e.g. a sandbox, there should be an option to download (malicious) attachments in the form of a password-protected archive. Something similar is already available in MS Defender ATP.

    2 votes
    0 comments  ·  Malware
  15. Want to select a security group for the Add a condition option when creating a new alert policy

    If we could select a security group from the Add a condition option when creating a new alert policy via O365 Security & Compliance. If this option would be available, it would be more convenient when selecting multiple users.

    2 votes
    0 comments  ·  Advanced Security Management
  16. Unable to install the MailprotectionReport_V2_en64.msi as we have only Excel 2010 & 2016, and it only works with Excel 2013

    Funny thing: Microsoft is pushing the latest version of Office 365 but it is not compatible with the above mentioned.

    2 votes
    0 comments  ·  Reports
  17. Safe Links User Clicks

    In the Threat Explorer, the “User Clicks” tab displays when a URL was accessed in an email. However, you can not see which user clicked the email when multiple results are displayed. Displaying the username of who clicked the link would help with remediation for that user.

    2 votes
    0 comments  ·  Spam & Phishing
  18. Please make the feature available in office 365 where we can track an event of when a mailbox forwarding address changed.

    Please make it available as part of the mailbox security part. We need to track down when a user's mailbox forwarding email changed, especially by an unauthorized person. A notification email to the tenant admin is recommended as well. Thank you.

    2 votes
    0 comments  ·  Auditing
  19. Change the separator in "Send a message to recipients"

    In the threat explorer, the "Send a message to recipients" option will bring up a new mail window with all of the recipients separated by a comma.

    In the Windows Desktop versions of Outlook, recipients must be separated by semicolon. This means that admins must copy the list, replace the comma with a semicolon, and paste it back into the BCC field.

    Oddly, the comma separation works fine on the Mac version of Office. Having this feature properly function on Microsoft's Office Suite on Microsoft's Operating System would be nice.

    2 votes
    0 comments  ·  Advanced Security Management
  20. Security score analyzer should NOT include tasks that are not possible

    Security score analyzer recommends items that are apparently not possible in some plans. It should NOT. It should either
    a) recommend only options that are available to the tenant, or
    b) disclose that some options require a different plan!

    One Example: DLP policies are recommended. We use Business Premium - and are told that DLP is not available.
    This happens too often, making "Secure Score" look like a thinly veiled upsell attempt.

    2 votes
    1 comment