Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Option to disable common attachment types filter for internal mail only

    Today you can define common attachment types that will treat certain file types as malware. There should be an option in the malware policy that would ignore this filter for internal mail only, but treat such file types as usual for incoming external mail.

    As an example, ATP Safe Links have an option to ignore the mechanism for internal mail and so should the attachment filter.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  2. Include Center for Internet Security guidelines

    Create Azure Security and Compliance Blueprint based on CIS recommendations for MS Azure platform.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  3. Encryption report does not show active data.

    When I look at my encryption report, the data is not live, but is one day behind.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add "Sender is" in conditions or exceptions of DLP.

    Currently, the conditions and exceptions can be only applied to recipients. It will better if DLP support conditions and exceptions set to senders.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  5. Dynamic scoping rules for Teams DLP

    ability to create scoping rules to include Teams in a DLP policy based upon name or external share state.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  6. DLP Policy Sender domain exception

    I am not able to find sender domain in exception in DLP policy erlier it was available but right now it got removed

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  7. Stop third parties automatically populating calendars

    Currently according to Microsoft it is acceptable for a 3rd party who you have not shared your calendar with to populate it with a request, this leads to unwanted Spam appointments being booked provisionally and makes the calendar get clogged up with spam appointments.

    After spending days now with Microsoft trying to stop this , the answer is "events will populate the calendar is a normal behaviour of Outlook in Office 365"

    Simple solution would be to stop all 3rd party invites from automatically populating the calendar and only allow users that you have shared your calendar with add an…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Quit blocking all hyperlinks, cant open any links in my email today that are safe

    revert whatever changes you guys made in the last day, as not a single email hyperlink will work, test before you deploy this stuff.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. Provide ability to search and export 'Shared with me' items in OneDrive

    There are occasions when we would want to include those items shared with a OneDive user in the ‘Shared with me’ folder. It would be nice to have a way to include these in search results and any following eDiscovery exports.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  10. Dont for the alternative email address when you detect a suspicious login. My phone autosuggests the alternative

    When a suspicious login is detected don't show part of the alternative email address. Eg Pp*****@gmail.com because if someone has access to the users phone etc when those first two characters are typed Google autosuggests the email address. Making it easy for the thief to receive the security code. Doh!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. While typing MFA OTP Password , User should not able to see or it should be in ### or **** format

    While typing MFA OTP Password , User should not able to see or it should be in ### or **** format

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Modern Authentication Pause

    Small company with internal IT "support". We (I) do a great deal of handholding for the employees, including troubleshooting and preparing Windows 10 devices using Office 365 (Business Premium). Ongoing problems with MA/MFA in my environment is a nightmare when I have to coordinate the forwarding of the "confirmation" text in order to proceed in my troubleshooting or preparing stages. When the employee is "available", it's not a big deal, but when the employee is not, it can result in delays in completing the process.

    Maybe something already exists, in terms of a "pause", but if it does, I can't…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. What are the rules applied on incoming messages?

    What are the rules applied on incoming messages? I have observed that out of two emails sent by me, one was delivered to Inbox while another one was quarantined.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. the email limition

    we have encounter a terrible case that cause by Microsoft O365 limited setting. we can not change this limited by any field. our user's email account has been compromised to sent out lot of spam mail. more than 10000, we have reset the password and unlock it out the "action center", but user still not able to send mail by Microsoft limited. That must be waiting 24 hours. Do you have any idea to process this temporary work around to let user can send mail out then we can do deep action to prevent the mail account be compromised.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Flag email item original version (received or sent) on an eDiscovery export PST

    While doing an export using eDiscovery features, if there are different versions of an email sent, because user edited the item after it was sent, there is not easy way to identify the item. Only after adding "Modified" column an Analyst can identify such item. If item is flagged as original (considering emails received and sent can be considered an operation), it will considerable reduce the complexity over a search that can contain thousand of items.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  16. Compliance Manager ISO 27001 AU-0127 and AU-0128 are the same

    Compliance Manager ISO 27001 AU-0127 and AU-0128 are the same

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  18. Need An Awesome Theme Wedding Decor For Your Flowers Wedding?

    There’re multiple ways to intensify a wedding theme with these colors and one of them is about using lots of greenery along with gentle white fabrics and patterns and wooden details with best of the fresh flowers theme wedding decor.
    visit:- https://sites.google.com/view/theme-wedding-decor/home?authuser=1

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Trust Portal  ·  Flag idea as inappropriate…  ·  Admin →
  19. I want to be able to customize the data exported in the message audit log and send it to the user

    I want to be able to customize the data exported in the message audit log and send it to the user

    メッセージ監査ログのエクスポートしたデータをカスタマイズしてユーザーへ送信できるようにしてほしい

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  20. Project Online needs the ablity to restict views. Allowing all users to see project cost information makes Project Online un-usable.

    Project Online needs the ability to restrict views. Allowing all users to see project cost information makes Project Online in-usable.

    Support Email:
    Hi Lyn,

    I tried to call you but nobody was answering the phone, so I left a voicemail message indicating that I will contact you via your email instead.
    This is regarding to the issue you logged about sharing a specific view only in Project Online. We understand that you need this so I've checked my resources, talked to my manager, my co-support engineers within the globe and I've found out that this is product limitation. We can…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base