Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. app protection policies: allow the use of fingerprint sensor without the need for a pin-code

    app protection policies: allow the use of fingerprint sensor without the need for a pin-code

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Content Search and restore emails

    The content search needs to be able to included in the 'Recipients and Sender fields" email addresses that don't belong to the O365 domain you are in.

    Instead of the convoluted approach that restoring emails is currently, it would be nice if you could restore emails from the Content Search window itself. This would save time and tech hours in downloading the export and restoring one by one.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  3. When can we allow data access to the users with Reviewer Role?

    The current v2 platform only allows data access to users with the eDiscovery Manager role. The reviewer role does not work as expected and does not grant access to case data.

    This is an extreme limitation and is causing us to now look to select an alternative EDRM vendor.

    If you could provide an ETA or at least some assurance this issue will be resolved we can continue to invest development time in this.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add MCAS roles in Azure AD PIM

    Add MCAS roles such as Global Admin Full Access, User group admin available in Azure AD Priviledged Identity Management to enabled Just-in-time access. This would allow secure access to MCAS only using the built in PIM system.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  5. MFA - Check the recent sign-in activity

    MFA should be have the same option of the personal accounts.
    On my hotmail account with MFA I have the option to see the logs, "Check the recent sign-in activity".

    Should be have the same option to corporate email address, this way the user can check the lastest entries.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. GeoLOC Blocking

    We are seeing failed login attempts to O365 for ourselves and our clients from across the globe as hackers exploit OSINT. Please give us and our client to block login's to our company's accounts by IP Geo Locatons.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Provide a verification option before locking out accounts

    Provide users the option to verify suspicious behavior before locking out an account. This would prevent false negatives.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. Recovery of account is impossible if you forget your password and change email addresses

    I can give every detail of credit card but you keep saying not enough to verify account. I have spoke to an agent, no help. I have been to a store, no help. All I want id the tax invoice for the AU$129 dollar paid on 6 March. No one can send it to me.
    abf_secretary@live.com.au but I have no access to this email now

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Limit location specific sign in by user, not all or nothing, without having onsite servers.

    We would like to use the location specific sign in for most of our users. Just not the administrators. Also, we would like to do this without having onsite servers. These are expensive to maintain and we aren't a large enough company to afford these.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add an option to Delete High Confidence Phishing Emails in Antispam Custom Policy

    Add an option to Delete High Confidence Phishing Emails in Antispam Custom Policy.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. MFA Authenticator App Security with iPhone Multi-Touch Display

    With the iPhone multi-touch display (currently on the iPhone 7 and future) security is bypassed. I do not have to unlock my phone to respond to a request from the Azure Authenticator App which bypasses the security of the phone. Make it so that I have to unlock the phone before the authenticator app will respond. DUO MFA already does this and it works better.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. 90 Temporary password email can be misleading

    When a user has their password set or reset, they get notification that says PW is TEMPORARY for 90 days REGARDLESS of the system wide PASSWORD NEVER EXPIRES option you may have turned on so it gives the end user erroneous and contradictory information than what the administrator may have told them.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Better spam reporting options / instructions

    I can not (ever) find how to report spam in Microsoft Exchange. The instructions for reporting all refer to Outlook, and the options given do not work in Exchange. I have two messages I currently want to report that purport having come from Microsoft.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  14. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. DCR for sensitive label limitation (SPO support will file this DCR) : Users should not be forced to close a file after applying a label

    DCR for sensitive label limitation (SPO support will file this DCR) : Users should not be forced to close a file after applying a label and then have to reopen the file to make other changes.
    We understand there are some known limitations (https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files#limitations) this known limitations should be changed.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Changes in permissions in SCC should be visible in SCC audit log. It is not so currently... We were surprised to find that when one of our u

    Changes in SCC Permissions should be logged in SCC audit log. It is not so currently...
    We were surprised to find that when one of our users lost access rights (roles) to some actions in SCC, there was nothing in audit log. And when we renewed the access for him, there was again nothing in audit log. More details: Ticket 11034713.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  18. Zero-Hour Auto Purge (ZAP) action status

    ZAP is not working (showing as failed) when a domain is on an allow list. Can you change the result to "not applicable" instead of failed? That would help identifying the root cause, because "failed" could also mean a service degradation.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. The link to the site is dead.

    Link leads to nowhere.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. conditions

    The recent change to not allow search queries to be manually typed out in the Keyword box is negatively impacting the ability to run more complex searches in the Compliance Center eDiscovery searches. By only allowing search criteria to be added with Conditions boxes the ability to run more complex searches has been severely reduced. Please roll back this change and allow the researcher to either use the Conditions boxes or to manually write out the query using the searchable email property query language (as was the case for the past several years).

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base