Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Provide ability to search and export 'Shared with me' items in OneDrive

    There are occasions when we would want to include those items shared with a OneDive user in the ‘Shared with me’ folder. It would be nice to have a way to include these in search results and any following eDiscovery exports.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  2. Dont for the alternative email address when you detect a suspicious login. My phone autosuggests the alternative

    When a suspicious login is detected don't show part of the alternative email address. Eg Pp*****@gmail.com because if someone has access to the users phone etc when those first two characters are typed Google autosuggests the email address. Making it easy for the thief to receive the security code. Doh!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. While typing MFA OTP Password , User should not able to see or it should be in ### or **** format

    While typing MFA OTP Password , User should not able to see or it should be in ### or **** format

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Modern Authentication Pause

    Small company with internal IT "support". We (I) do a great deal of handholding for the employees, including troubleshooting and preparing Windows 10 devices using Office 365 (Business Premium). Ongoing problems with MA/MFA in my environment is a nightmare when I have to coordinate the forwarding of the "confirmation" text in order to proceed in my troubleshooting or preparing stages. When the employee is "available", it's not a big deal, but when the employee is not, it can result in delays in completing the process.

    Maybe something already exists, in terms of a "pause", but if it does, I can't…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. What are the rules applied on incoming messages?

    What are the rules applied on incoming messages? I have observed that out of two emails sent by me, one was delivered to Inbox while another one was quarantined.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. the email limition

    we have encounter a terrible case that cause by Microsoft O365 limited setting. we can not change this limited by any field. our user's email account has been compromised to sent out lot of spam mail. more than 10000, we have reset the password and unlock it out the "action center", but user still not able to send mail by Microsoft limited. That must be waiting 24 hours. Do you have any idea to process this temporary work around to let user can send mail out then we can do deep action to prevent the mail account be compromised.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Flag email item original version (received or sent) on an eDiscovery export PST

    While doing an export using eDiscovery features, if there are different versions of an email sent, because user edited the item after it was sent, there is not easy way to identify the item. Only after adding "Modified" column an Analyst can identify such item. If item is flagged as original (considering emails received and sent can be considered an operation), it will considerable reduce the complexity over a search that can contain thousand of items.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  8. Compliance Manager ISO 27001 AU-0127 and AU-0128 are the same

    Compliance Manager ISO 27001 AU-0127 and AU-0128 are the same

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  10. ATP SafeLinks Additional Reporting

    ATP SafeLinks Additional Reporting
    I'd like to see the reporting expanded to include what device a user clicked a link. This will help resolve some 'we didn't click that from this work device' disputes.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  11. Need An Awesome Theme Wedding Decor For Your Flowers Wedding?

    There’re multiple ways to intensify a wedding theme with these colors and one of them is about using lots of greenery along with gentle white fabrics and patterns and wooden details with best of the fresh flowers theme wedding decor.
    visit:- https://sites.google.com/view/theme-wedding-decor/home?authuser=1

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Trust Portal  ·  Flag idea as inappropriate…  ·  Admin →
  12. I want to be able to customize the data exported in the message audit log and send it to the user

    I want to be able to customize the data exported in the message audit log and send it to the user

    メッセージ監査ログのエクスポートしたデータをカスタマイズしてユーザーへ送信できるようにしてほしい

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. Project Online needs the ablity to restict views. Allowing all users to see project cost information makes Project Online un-usable.

    Project Online needs the ability to restrict views. Allowing all users to see project cost information makes Project Online in-usable.

    Support Email:
    Hi Lyn,

    I tried to call you but nobody was answering the phone, so I left a voicemail message indicating that I will contact you via your email instead.
    This is regarding to the issue you logged about sharing a specific view only in Project Online. We understand that you need this so I've checked my resources, talked to my manager, my co-support engineers within the globe and I've found out that this is product limitation. We can…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Misspelling on https://servicetrust.microsoft.com/ViewPage/SCCIntroPage

    Not sure this is the right place, but there is a misspelling in section "Search the audit log for user and admin activity in Office 365" where it says "Because events from most Office 365 services that you're organization" and it should read "...your organization..."

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Advanced Threat Protection: Implement a way to check links from console

    Currently, the only way I am aware of that InfoSec can determine whether a link is malicious or not is to detonate the link on a sandbox and then performing a URL trace.

    Please implement a way of analyzing a suspicious link within ATP console similar to how zulu zscaler or quttera.com does it.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. ATP

    ATP - cureently does not scan urls inside attachments , could be a nice addition to the feature

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. More information for alert policy activities

    I would like you to provide us public information for type of activities and descriptions which can be set by Alert policies in O365 Security & Compliance Center, or streamline the descriptions shown in the navigation pane. Currently, policy descriptions can be found in the navigation pane, but I need open to see them one by one. It would be great if I could view all the activities and descriptions in one place at a time when setting policies.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. How to disable SPF authentication

    It is an operation that SFP authentication is automatically performed by EOP, but I want to be able to invalidate it.
    In our environment we have set up an MX server and we are delivering it to ExchangeOnline from there.
    I would like to do SPF verification on the MX side and not overwrite the verification result by SPOF verification with ExchangeOnline.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  19. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  20. Aggregate unusual external file access activity

    These activity lists can easily get very long. Having a slightly aggregated list for first glance. Being given a list of three items that say this person accessed that sharepoint site would help a lot. We do a lot of collaboration with out sister organizations and clients so it would be nice to easily separate the people browsing through sites and onenotes that we have given them access to from those looking at things we didn't intend to give them access to.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base