Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow creating alert for deleted Stream video and deleted team channel in O365

    Please It will great if the deleted team channel and deleted stream video can be included in the security Alert option in O365

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Access to OWA Logs

    On premise Exchange allowed for review of OWA requests / logs to recreate what a user viewed while in their mailbox via OWA. Can we get administrators to have access to these logs? These logs are crucial for unauthorized access investigations.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. To display accurate details in Spoof Mail Report. For faster investigation of Spoofed emails.

    To display accurate details in Spoof Mail Report. For faster investigation of Spoof Mail report.

    To display date along with time the email was received

    To display the actual source IP address instead of network address

    To display the receiver email address

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. spoofing notifications

    Create a protection notification to alert other when selected users receive a Spoof Detection mail.
    Improve service and efficiency, better than weekly report.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Collect specific folder from One Drive

    The eDiscovery solution should allow the collection of specific folders, at the moment you can only collect the whole drive, which is not practical

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  6. Customize Alert Policies

    Allow for exceptions to Alert Policies. For example, the “Phish URLs Removed After Delivery” rule is prone to False Positives. Being able to exclude addresses from the Alert would increase the fidelity of the Alert.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Segregation of roles for enterprise companies. Allow local market security teams to have separate logins to view their own local user data.

    Segregation of roles for enterprise companies. Allow local market security teams to have separate logins to view their own local user data. As a global operator we want local security teams to view their local user data without seeing the data of other markets. The current RBAC model doesn't support this. It would further be useful to behave like the Symantec tool where you can target data reports by AzureAD groups. For example Italy security team login and only see data for Italian user Azure AD group.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  8. hover over links

    I am trying to get our users to hover over email links to check where they really go.

    This hovering doesn't show the URL in OWA!

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. reports and dashboard filtering by upn

    the SCC reports and dashboards look very pretty; but are useless in large organisations where there is a need to show the reports for specific groups of users.
    provide ability to filter by security group or upn or recipients domain

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  10. Content Search report should what has triggered

    In Security and Compliance, Content Search, you can view a report or download a report. It should be nice if you could see what keyword of the query caused this document of mail to show up in the results. For example, I have one query that queries on BSN(social security number in the NL) and CV(resumé). When I look at a hit in the report, I don't know what keyword, BSN or CV, triggered this.
    I assume the answer is in this case to create two separate reports but I can imagine that you don't want to build that many…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  11. View "configured" machines in Defender Security Center - Improvement Opportunities

    Currently in Defender Security Center, in the Improvement Opportunities section, it lists the misconfigured machines under each Security Control. You can click on the list of misconfigured machines but it would also be helpful if you could click on or list the "configured" machines.
    This would be very helpful when setting up different controls how to find what machines that are working correctly and what machines I need to investigate why they aren't reporting in.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Make the data on TLS-Deprecation-Report.csv to be accurate

    I would like the TLS deprecation report to show accurate data when downloading it from Service Trust Portal, because it contains a lot of data for non-impacted devices.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  13. audit log by AD group

    Please allow for the use of AD groups as a filter for Audit Log searches. It should not be only limited to all users or manually entered names.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow emails sent to phish@office365.microsoft.com to contain malicious attachments

    Some emails our users send to phish@office365.microsoft.com to report phishing are being rejected by Microsoft because they contain malicious attachments. That's ridiculous. Of course a suspected phishing email might possibly contain a malicious attachment!

    Instead of rejecting the message, Microsoft should accept it and have their technicians who handle the phish@office365.microsoft.com queue working in an environment where they're not susceptible to malicious attachments.

    FWIW, the reject message is "550 5.7.1 TRANSPORT.RULES.RejectMessage; the message was rejected by organization policy" and a Microsoft tech confirmed it was due to the file attachment in support ticket number 14365410.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Reject emails at SMTP time

    I am missing an option in the spam filter options and the mail flow rules to reject mails at SMTP time, so that the sending server has to "inform" the sender. With the reject option in the mail flow rules the O365 server sends a NDR which will lead to a backscatter problem since the sender is mostly spoofed in spam mails.

    The spam filter option even has no option to reject spam mails.

    What i want to achieve is to not quarantine any emails at all. Either reject the mail at SMTP time or accept the mail. This is…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. 2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  17. is there a regulatory compliance and auditing report reference for educational customers

    is there a regulatory compliance and auditing report reference for educational customers

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  18. Adopt Azure AD Log attributes

    I am seeing inconsistencies between the S&C Unified Log and Azure AD logs. For example, Azure AD shows me that Office Groups were recently created and these activities don't show up in the Unified Log in the S&C Center. The S&C Center is showing me that the Site Collection and Team were created, just not the associated Office Group. This lack of consistency is concerning and requires me to look in 2 places, which totally defeats the stated purpose of the Unified Logs.

    I also notice that the presentation of the attributes for each activity is much easier to understand…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Not able to trace creator or for whom HIGH severity alert has been triggered however able to see for LOW severity alerts.

    Can you please provide a way how to find who has created that HIGH severity alert or for whom it's been created ? for the security concern.

    Able to trace user & creator for LOW severity alert but not for HIGH severity alert.

    Looking to here from your side!

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow Deletion or Modification of Any and All Items (Including Calendar items)

    One of our calendar items was deleted by accident and the user didn't know it was deleted. Luckily, our user knew about the schedule. We use a shared calendar and apparently there is no way to find out how to audit modified or deleted calendar items.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base