Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow E-Discovery for Exchange Online Archiving

    We are at the moment in a hybrid scenario where part of our users have their mailboxes on premise and the archives in Office 365. Recently we noticed that we do not have any option for actually exporting the Exchange Online Archive contents to a pst, outside of doing it from Outlook (we are in a Citrix environment and users are located in different countries so that would not be easy).
    It would be great if we had an option to search/export the archive contents for hosted archives.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  2. Advanced Threat Protection and Safe Links

    We had an email with a link that was pointing to web page with multiple link, none of them safe. One of the Phishing URL brought up a spurious Microsoft Office login page. The Safe Link process of ATP failed to stop this email which was delivered as safe. Safe URL scanning should check everything, going as deep as needed to check for possible threats.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Improve support for mailing lists in spam/phishing filtering

    When users are sending messages via a mailing list (mailman, for example), there is often a mismatch between the From: Header and the Sender: Header , there the From: is the real sender while Sender: is the mailing list's address. Most mailing lists implement this so replies work properly and so SPF works correctly. EOP/ATP sees this as a phishing attempt (which, admittedly could be the case). Adding the mailing list to the allowed senders does not work as ATP seems to be checking the From: header only, so stuff still gets blocked. Premier support always suggests creating transport rules…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. quarantine is ridiculously ineffective waste of time!

    Quarantine is ridiculously ineffective waste of time! You've created a mess that takes FOREVER to clear and the messages being quarantined are from regular senders. It's not working. It's useless and overly BUREAUCRATIC!!!! GET A LIFE!!!

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Looking up OneDrive accounts on eDiscovery

    The options currently available to find a user's OneDrive are not intuitive enough, its based out on guess work, there should be an interface that, just as searching for mailboxes, show the OneDrive sites for all the "Smith, John"'s on the tenant

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add support for epub-3 files in Exchange threat filter

    Currently epub-3 files are being blocked as malware in exchange threat management. Please review the filters and/or scan engine so that these valid files can go through.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  7. not seeing channel or private channel names in communication compliance policy results

    Not able to see Channel or Private Channel names or pchat group names in results. It makes it extremely difficult to distinguish where the results are from. Even between chat and channel is difficult - the only way to know is looking at the recipient name. It would be great if there were columns for TEAM Name, Channel Name, Private Channel Name, and pchat group name, etc.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Communication Compliance  ·  Flag idea as inappropriate…  ·  Admin →
  8. Loan and CD account numbers

    Please include Loan numbers in the U.S. bank account number definition. Most other types of bank accounts are in there but types of loans (mortgage, HELOC, etc)

    Also, certificate of deposit numbers

    Thanks

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  9. Release a Phishing Login server URL from the security blocker

    I would like you to release a Phishing Login server URL from the security blocker in the users’ environment. The URL is set when simulating a phishing attack by using Attack Simulator in Office 365. Because it would be blocked, we can’t review the page shown after entering credentials, and we can’t actually test the effects. So I would like you to release the URL from the blockers in a security software or browser security.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Create and import new policies in MCAS using Powershell

    Currently it is not possible to create new Microsoft Cloud App Security policies using power shell module.

    Also, no possible to import these policies from Powershell.

    This would be useful it a customer has multiple tenants and would like to keep them aligned.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. License report

    Create license reports per O365 subscription. example: E1, E3, Project Online, Visio, Power BI, E5, etc? with end user login, UPN, Country, purchase date, last usage date.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  12. How do you find messages you accidentally "removed from quarantine"?

    I accidentally clicked "remove from quarantine" thinking it was "releasing" and now I can't find the message. Please help?

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. Service based auto-labeling should support all SPO and OD sites in one policy

    Hi we are a large organisation and one of Microsoft partners.We need to be able to add entire SharePoint site or as many as 1000 sites to our Auto Label Policy.Is this in the Road map? Any expected time frames?
    As we cannot have only 10 location sites added to our policy.We need to be able to work with many policies and locations simultaneously.
    Thank you

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. office 365 does not work

    office 365 outlook doesn't sort, doesn't load, doesn't send, basically doesn't work. i have updated loaded, reloaded, reloaded, updated, deleted, reinstalled, updated, reinstalled, reloaded.

    doesn't work

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  15. password manager like lastpass or keypass

    I would like Microsoft to develop and offer a password manager like lastpass or keypass to manage all kinds of login credentials.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. There doesn't appear to be any way to add the sender of a quarantined message to an approved sender list (i.e. whitelist).

    I have automated e-mails I receive a several times a day. They always get erroneously quarantined as phishing attempts. In Outlook I can "Block Sender" or "Never Block Sender", but I have no way to do the equivalent of "Never Block" senders in O365. I have no way to whitelist these "phishy looking" legitimate e-mails.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Imporve Mailbox usage Filter - to see usage of shared mailboxes - if need reach limits of 50GB it needs a Online plan 2

    When a shared mailbox reaches his limit of 50GB, it need a Online plan 2. We tried to achieve this by the portal.office.com but we cannot filter the csv usage list on user mailbox and shared mailbox.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  18. SCC should support Azure AD roles and PIM

    Azure AD and PIM have several roles to managed security products across the Microsoft cloud.

    Some of these roles are:
    Compliance Center Administrator
    Security Administrator
    Security Operator
    Security Reader

    However, these sometimes work and sometimes doesnt work. If you contact Office 365 support you will be told that Azure AD roles and PIM are not supported for Security & Compliance Center, even though the documentation several places says it is.

    If you attend Microsoft presentations or webinars they always recommend the same thing: always use Azure AD roles and PIM, which is weird when Microsoft support says its not supported.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. ContentType

    There are content types Audit.General, Audit.SharePoint, Audit.Exchange, Audit.AzureActiveDirectory and DLP.All but did'nt find content type returning data for "Security And Compliance Centre".So i think this should be added to microsoft doc.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  20. Quarantine Terrible

    This product sucks. Too many false positives. Should move to junk rather than quarantine.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base