Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Misspelling on https://servicetrust.microsoft.com/ViewPage/SCCIntroPage

    Not sure this is the right place, but there is a misspelling in section "Search the audit log for user and admin activity in Office 365" where it says "Because events from most Office 365 services that you're organization" and it should read "...your organization..."

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Advanced Threat Protection: Implement a way to check links from console

    Currently, the only way I am aware of that InfoSec can determine whether a link is malicious or not is to detonate the link on a sandbox and then performing a URL trace.

    Please implement a way of analyzing a suspicious link within ATP console similar to how zulu zscaler or quttera.com does it.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. ATP

    ATP - cureently does not scan urls inside attachments , could be a nice addition to the feature

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. More information for alert policy activities

    I would like you to provide us public information for type of activities and descriptions which can be set by Alert policies in O365 Security & Compliance Center, or streamline the descriptions shown in the navigation pane. Currently, policy descriptions can be found in the navigation pane, but I need open to see them one by one. It would be great if I could view all the activities and descriptions in one place at a time when setting policies.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. How to disable SPF authentication

    It is an operation that SFP authentication is automatically performed by EOP, but I want to be able to invalidate it.
    In our environment we have set up an MX server and we are delivering it to ExchangeOnline from there.
    I would like to do SPF verification on the MX side and not overwrite the verification result by SPOF verification with ExchangeOnline.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  6. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  7. Aggregate unusual external file access activity

    These activity lists can easily get very long. Having a slightly aggregated list for first glance. Being given a list of three items that say this person accessed that sharepoint site would help a lot. We do a lot of collaboration with out sister organizations and clients so it would be nice to easily separate the people browsing through sites and onenotes that we have given them access to from those looking at things we didn't intend to give them access to.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Enable by default alert Activity from infrequent country

    These anomaly detection policies are only available for E5 users or MS CAS.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  9. Problem in new Office 2016 security feature

    While running a COM Addin to MS Word 2016, getting error "The action was blocked by organization policy" issuing a Range.Paste call through the Word API. Users are getting this when they are sync'ing with OneDrive or Sharepoint through Office 365. If we kill the process that is/was using or monitoring the clipboard, the problem is resolved. Seems to be a sharing violation with the new security feature??

    Please reference: https://stackoverflow.com/questions/41997510/error-the-action-was-blocked-by-organization-policy-ms-office-2016

    Thanks

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. DO NOT TAMPER WITH MY E MIALS PLEASE. IF NI SEND THEM TO JUNK DO YOUR JOB THERE

    DONT WANT YOU TO GET INVOLVED IN MY E MAILS AND THE CONCEPT OF ENCRYTION IS NOT NEEDED FOR ME .
    I A SK YOU TO HOST MY E MIALS AND DONT TAMPER WITH THEM

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  11. Fix false-positive on Block Extensions Transport Rule - Attached email Subject line ending with .com

    We have noticed a bug in the case where an email subject ends in .com (eg. This is a test@microsoft.com), and a user attaches that email (as an attachment on a new message). If there is a Transport Rule set up to block emails by file extension and it includes the .com extension - it will block the email based on the attachment even though .com is not the file extension (it's actually .msg).

    To recreate the problem in Office 365:

    Using Outlook or OWA:
    1. Send yourself an email with the subject line "this is a test@test.com" …

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  12. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  13. unwarranted interference on your part

    I am a person, not an organization, and I cannot understand why you have blocked postings by Arts & Letters Daily, a responsible and respected clearing house of ideas. How do I counteract this?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Your Multi factor authentication is a joke.

    For MFA in Office 365 it generates and app password that then needs to be used the outlook client, phone tablet connections. It is the type of PSW that needs to be printed out because it is too complicated to remember. Give the user and option to change it to as memorable passphrase not some random generation of letters. Now i feel more insecure since I have to print out the passwrd and keep it somewhere

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. Office encripted email forward failure

    Whenever I receive a one-time code for encrypted email the message fails to forward and returns this error:

    Technical details of the failure:
    5.7.1 Unauthenticated email from microsoft.com is not accepted due to
    5.7.1 domain's DMARC policy. Please contact the administrator of
    5.7.1 microsoft.com domain if this was a legitimate mail. Please visit
    5.7.1 https://support.google.com/mail/answer/2451690 to learn about the
    5.7.1 DMARC initiative. p21-v6si188132ejx.67 - gsmtp

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. Birthday Party | kitty party- make every moment special

    Rihansh Eve N Planner plan budget-friendly kid's birthday party and kitty party in lucknow, Plan ahead. Make a budget. Make your own decorations. Host an at-home party, and get an inexpensive venue. Set a time that isn't around meals. Aim for a budget-friendly theme party decor in. visit:- https://medium.com/@rihanshevenplanners/birthday-party-kitty-party-make-every-moment-special-d1e841c9a158

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Publishing sensitivity labels to O365 groups or DLs doesn't work

    Sensitivity label policies are not getting published when a security group or distribution list is selected as the target. On saving the policy, it shows as "Published to: None".

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Missing checkbox - "Include versions for SharePoint Documents" cited in several Microsoft Resource Documents

    Several articles below refer to a checkbox option that appears to have been removed causing confusion among several customers. I haven't been able to determine if I am not triggering the box to appear properly or if the documentation is outdated and checkbox option has been removed:

    What I have tested so far that instructions recommend to make checkbox available:
    1. Verified Versioning feature is enabled for SharePoint documents. (see below: "if your organization tracks versions")
    2. Added specific SharePoint and OneDrive sites using "Choose specific sites to search" option. Also tried the "Search all sites" option to Include all…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  20. Can we please have an email notification fairly quickly that an email that is pending is "Delayed" rather than 48 before NDR

    Can we please have an email notification (to the user) fairly quickly that an email that is pending is "Delayed" rather than the user having to wait 48 before getting an NDR. Currently, the user assumes the email has been sent but it's too late.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base