Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. GeoLOC Blocking

    We are seeing failed login attempts to O365 for ourselves and our clients from across the globe as hackers exploit OSINT. Please give us and our client to block login's to our company's accounts by IP Geo Locatons.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Provide a verification option before locking out accounts

    Provide users the option to verify suspicious behavior before locking out an account. This would prevent false negatives.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Recovery of account is impossible if you forget your password and change email addresses

    I can give every detail of credit card but you keep saying not enough to verify account. I have spoke to an agent, no help. I have been to a store, no help. All I want id the tax invoice for the AU$129 dollar paid on 6 March. No one can send it to me.
    abf_secretary@live.com.au but I have no access to this email now

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Limit location specific sign in by user, not all or nothing, without having onsite servers.

    We would like to use the location specific sign in for most of our users. Just not the administrators. Also, we would like to do this without having onsite servers. These are expensive to maintain and we aren't a large enough company to afford these.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add an option to Delete High Confidence Phishing Emails in Antispam Custom Policy

    Add an option to Delete High Confidence Phishing Emails in Antispam Custom Policy.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  6. MFA Authenticator App Security with iPhone Multi-Touch Display

    With the iPhone multi-touch display (currently on the iPhone 7 and future) security is bypassed. I do not have to unlock my phone to respond to a request from the Azure Authenticator App which bypasses the security of the phone. Make it so that I have to unlock the phone before the authenticator app will respond. DUO MFA already does this and it works better.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. 90 Temporary password email can be misleading

    When a user has their password set or reset, they get notification that says PW is TEMPORARY for 90 days REGARDLESS of the system wide PASSWORD NEVER EXPIRES option you may have turned on so it gives the end user erroneous and contradictory information than what the administrator may have told them.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Better spam reporting options / instructions

    I can not (ever) find how to report spam in Microsoft Exchange. The instructions for reporting all refer to Outlook, and the options given do not work in Exchange. I have two messages I currently want to report that purport having come from Microsoft.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. DCR for sensitive label limitation (SPO support will file this DCR) : Users should not be forced to close a file after applying a label

    DCR for sensitive label limitation (SPO support will file this DCR) : Users should not be forced to close a file after applying a label and then have to reopen the file to make other changes.
    We understand there are some known limitations (https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files#limitations) this known limitations should be changed.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Changes in permissions in SCC should be visible in SCC audit log. It is not so currently... We were surprised to find that when one of our u

    Changes in SCC Permissions should be logged in SCC audit log. It is not so currently...
    We were surprised to find that when one of our users lost access rights (roles) to some actions in SCC, there was nothing in audit log. And when we renewed the access for him, there was again nothing in audit log. More details: Ticket 11034713.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Zero-Hour Auto Purge (ZAP) action status

    ZAP is not working (showing as failed) when a domain is on an allow list. Can you change the result to "not applicable" instead of failed? That would help identifying the root cause, because "failed" could also mean a service degradation.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. The link to the site is dead.

    Link leads to nowhere.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. conditions

    The recent change to not allow search queries to be manually typed out in the Keyword box is negatively impacting the ability to run more complex searches in the Compliance Center eDiscovery searches. By only allowing search criteria to be added with Conditions boxes the ability to run more complex searches has been severely reduced. Please roll back this change and allow the researcher to either use the Conditions boxes or to manually write out the query using the searchable email property query language (as was the case for the past several years).

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  16. Extend The Office 365 Management API to include SharePoint 'DocumentID' in the Schema

    We have a business requirement that the Audit Logs (Office 365 Event and Audit Log) should include a SharePoint Document ID within the exported log. This allows our compliance teams to query the log's based on a Document ID and review the file actions, rather than using a ItemID or other GUID.

    Content-centric applications provide such functionality, but we have found that the Office 365 Management API provides some good benefits but does not provide the ability to extract the DocumentID against a file referenced within the Audit Logs that exists in SharePoint Online.

    It would be great if this…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Want to select a security group for the Add a condition option when creating a new alert policy

    If we could select a security group from the Add a condition option when creating a new alert policy via O365 Security & Compliance. If this option would be available, it would be more convenient when selecting multiple users.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Secure, non-tracking, private webmail service

    People need a webmail service that is completely private, secure, and non-tracking. There are smaller companies and paid services that provide this type of service. However, because they are small companies, there is a risk they will not succeed. It would be nice for a larger company to provide this security and privacy to its customers. People are too willing to give up their privacy and security for just a little convenience.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  19. Access to Remove TLS 1.0/1.1 and 3DES

    I tried to view the report for removing TLS 1.0/1.1 and 3DES (MC171089)

    My account gets logged off when downloading the report in Service Trust Portal. The Global Admin account downloads the report, but does not know where it is downloaded to, which makes it inaccessible.

    I cannot find the report from the Azure Portal.

    You make security and administration of O365 so ******* us.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Trust Portal  ·  Flag idea as inappropriate…  ·  Admin →
  20. Export all url as CSV

    Dear,
    Please move this idea under right subject, if i crete wrong place.
    I'm a secuirt/ firewall, url filtering etc admin.
    I'm defining urls for office 365 license, apps and another.
    Please check this address.
    https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges

    It is very difficult to copy addresses one by one. We need csv import option here. Thus, it will be much easier to import.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base