Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Don't show senders of received emails from receiver found by search in "Works with" area (-> NSA style)

    Currently you disclose the senders of emails an Office 365 user A has received when another user B searches the user and selects it.
    The user B sees any email sender user A has received an email from.
    That way the user easily can derive the communication relationships of other users, what may be with intent, but is highly unwanted in our area (Germany), who is not so fond with NSA's style of data security.
    Please make this feature detachable. ("Works with" is named "Arbeitet mit" at me, hope it spells "Work with" at you).

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  2. Your 'block' list for domains is relying on ANCIENT data. How do I get my site removed from your erroneous block list?

    Your 'block' list for domains appears to be relying on ANCIENT data. Where are the instructions for reporting errors in your list? How do I get my site removed from your erroneous (irresponsible even?) block list? [Or how do I find out WHY you are blocking me?]

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. ATP anti-phishing policy notification

    Allowing users and administrators to be notified of emails filtered by ATP anti-phishing policies can help detect problems.

    ATPのフィッシング対策ポリシーでフィルタリングされたメールをユーザーや管理者へ通知できるようにすると問題の検出に役立ちます。

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. outlook-pst-to-office-365

    If you are searching a tool to migrate your PST item like emails, contacts, calendars, attachments, etc to Exchange Online.
    So I suggest you use emailsoftwares PST to Office 365 Migration Tool. This software will import your all PST items into
    Office 365 within few clicks. For more details visit:

    http://www.emailsoftwares.com/migrate-outlook-pst-to-office-365.html

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Process Audio and Video files to make them searchable

    Extract text from audio and video files so eDiscovery search can include them

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow Alerts Policy to target Distribution Lists or Security Groups

    When creating a new alert policy it's only possible to have the alert target a specific user rather than a class of users as defined by a distribution list or security group.

    As an educational institution we don't care if our students forward mail outside of the system but want to ensure that we are tracking new forwarding rules for all staff and faculty. This is currently not possible.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Customer managed granularity for CSPs in compliance manager for Office 365

    Allow the ability to split the Customer field into CSP and Customer(s). Also associated permissions to see what you are assigned via groups. Shared responsibility is not always just two parties.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  8. Ease of use needs improvement

    Encrypting emails is easy. Recipients on the other hand have major problems. Most of our clients have moved away from 365 encryption because it is so confusing and difficult to read the emails. I suggest you guys streamline the process and simplify it for the recipients before everyone jumps ship for simpler solutions. You nailed the front end process but the recipients suffer badly and can never seem to figure out how to open messages.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. email security

    I am informed by a support ambassador that the recent email my tenants are receiving allows a scrip[t to run that will extract the username and password from outlook giving the malicious sender access to that account if the user clicks on the link in the email.
    if this is true, then this is a serious security breach and needs to be patched immediately!!!! my tenants are being hacked justifiably at their own doing by not recognizing the potential hack, but this should not be possible. period!!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  10. Improve ICD-9/10 detection for DLP

    Currently ICD-10 detection will trigger if an email contains the single word "system", with 85% certainty. An exact code and description match will also trigger with 85% certainty.

    An MS support tech explained that ICD-9 and ICD-10 detection was based on a dictionary lookup that includes the codes AND the code descriptions.This makes this detection mostly unusable, as many common words are detected with no way to distinguish from exact code matches.

    An improved system would primarily use a keyword lookup that matches the CODES only, with additional % certainty for nearby words matching the code DESCRIPTIONs.

    Until some kind…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  11. Automatic deletion of shared document links for deleted documents

    Hello,

    If a user deletes a document, the link for other users doesn't disapear.
    Would it be possible to implement a batch that analyzes the deletion of documents and automatically impacts the shared information for other users of the organisation?

    I tried with various situation, placing the document in the two different bin and it is necessary to delete the share configuration before the document.
    It is very impacting, if you consider that most of user don't think about deleting the share option before deleting a document, and as soon as the document is no more accessible, you have a…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  12. Please make OMEv2 a proper superset of the "old" OME including server-side decryption rule

    Please make sure that all the current capabilities of the "old" OME are present also in OMEv2 before decomissioning the old version.

    We have a case where a third-party application sends and receives mail that may contain sensitive customer data.

    We can enforce TLS between the application and Office 365, but not between Office 365 and recipient. The application needs to be able to process replies, thus they need to be in the clear when arriving at the application input.

    This is possible in the old OME but not OMEv2. Thus, we cannot move to OMEv2.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. Business justification for Policy Tip should not be a free text field

    The business justification for a Policy Tip is currently a free-text field and allows users to simply hit the space bar to continue sharing the content. It would be better to have a drop-down or radio buttons with the following options:
    1. I did not know transferring this data was restricted.
    2. This is part of an established business process.
    3. My manager approved this transfer of data.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  14. Need multiple options for screen sharing for Office 365 Support

    Office 365 Support Help staff currently use Logmein as a tool for screen sharing with customers and for tech support. Our company has locked that tool from being used for security reasons. Can Microsoft provide another option? We tried to use Skype for Business but Support won't pass out a email address - so we cannot schedule a call and use that tool. Need some other options.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. audit trail delegate 'send as' 'send on behalf of'

    have the exchange online audit trail include events for granting/revoking 'send as' and 'send on behalf of' mailbox delegation permissions

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Users not getting prior intimation of Password Expiration notification

    We have done setting in office 365 admin - security setting for password expiration as 60 days expiration period and 14 days advance notWe have done setting in office 365 admin - security setting for password expiration as 60 days expiration period and 14 days advance notification to user on password expiration. User not getting such notification after expiration period and IT dept. has to reset each and every user password from admin ification to user on password expiration. User not getting such notification after expiration period and IT dept. has to reset each and every user password from admin…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  17. Figure out why users get a Security Warning that outlook.office365.com has a bad certificate (issued to dsldevice.domain_notset.invalid).

    It's all in the title. Your service should not be trying to use such a certificate. Maybe check to see if a server has been taken over.

    This seems to happen about once ever 3 weeks or so.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Use an email phishing engine that takes into account American vernacular as well as spelling and grammar.

    Foreign phishers, of which most seem to be, cannot master the idiosyncrasies of American vernacular and they even struggle with basic grammar and spelling. Since they are usually posing as legitimate American companies or professional individuals, create a machine learning engine that understands American vernacular then sanity check emails for violations of the learned rules of the vernacular. Microsoft likely already has a usable machine learning capaability already (bot Tay for example). Time to stop playing with that technology and start using it!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. ATPを検知したとき、スパムフィルター同様、[件名行の先頭にテキストを追加する] 設定ができるようにしたい

    ATPを検知した際の動作に [モニター]などに加え、[件名行の先頭にテキストを追加する] をできるようにしたい
    トランスポートルールにて、ATPにて検知された特定の拡張子のファイルをバイパスする方法ならあるが、検知したATPすべてに対して[件名行の先頭にテキストを追加する] を設定したい

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base