Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Prevent Exchange DLP Scanning SharePoint DLP Notifications

    When implementing DLP we found that Exchange DLP would scan SharePoint DLP notifications and leak information out to no-reply@sharepointonline.com.

    As a workaround we have excluded out reporting mailbox from DLP, however it would be better if this these notifications were not scanned.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  2. ASM notification e-mail with broken images

    Advanced Security Management notifications coming from Office365Alerts@microsoft.com have broken links to header image. It will not get displayed in Outlook.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Bugfix: Creating an eDiscovery Case with Edge

    When creating an eDiscovery case using Microsoft Edge and adding a search including a date range criteria, the case gets corrupted. The System locale was set to German, but that should not matter.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  4. I'm really frustrated that there seems to be no way to turn off this safe links blocking feature in Outlook. I was using a trusted, safe lin

    Really frustrated that there seems to be no way to turn off this safe links blocking feature in Outlook. I was using a trusted, safe link and I was forced to wait for 3 minutes for them to check the link. Shouldn't we as the users have the ability to choose for ourselves whether we want such delays while working?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support staff must be far more cognizant of security and protecting their clients resources

    The staff I speak with continue to ask me to elevate users to resources they should not otherwise have.
    The support staff should be provided with additional security training to understand conventional access control methodology; RBAC, DAC, MAC are all methodologies which various consumers MAY be utilizing, and the requests made should be compliant with the model in use; They should not repeatedly ask to provide access to user A for group B, it wastes a great deal of time, and time is money, in particular as there are a variety of competitive products for online documentation.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Rules are not working on Junk Email.

    I enter the domain name when I create a rule on my junk mailbox, such as 'wooordpress'. The rule never works.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Can Service Trust Portal support IE11 soon?

    It would be nice that Service Trust Portal will support IE11 soon!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Service Trust Portal  ·  Flag idea as inappropriate…  ·  Admin →
  8. When an email from an external sender is sent to hosted quarantine for any reason (i.e. attachment type), notify the sender with reason.

    We have a transport rule that moves external email with specific attachment types to hosted quarantine - so we can release them if we need to. We would like to be able to send replies to the sender - asking them to consider re-submitting their email with an acceptable document type such as PDF.
    We could do this if we simply blocked the message altogether, but the idea of hosted quarantine is that we can review and release if it is necessary, without involving the original sender.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow Export of folders for user instead of search in Security and Compliance.

    Allow Export of folders for user instead of search in Security and Compliance.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. DLP notifications webhook

    DLP Alerts should also have webhook capability and not just email.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  12. Custom sensitive information type - Allow minimum count for regex

    The GUI does not allow the minimum count for regex, only keywords. By allowing minimum count for Regex. This is to ensure eDiscovery search cases provide the same response as DLP policies.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  13. UI: please add an export button at the end of the controls

    Please add another "Export to Excel" button at the end of the controls page.
    It usually makes me first scrolling down - recognizing that the button is not there - and scrolling all the way back to the top. Just doublicate the button!
    Thanks!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  14. Update DLP rules to close Document Versioning loophole

    A file that passes the DLP rules can still contain visible Sensitive information in a previous version of the file. This directly bypasses the intended behaviour of the whole DLP system (to restrict access to sensitive information).

    One of the primary ways to unlock a DLP locked file is to update the file to remove the sensitive information. By doing so the DLP flag will be removed and file access by other users restored. Currently, this actually exposes the sensitive information contained in the file because these other users can easily view the sensitive information via the version history of…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  15. Compliance Center Issues

    I have been doing a lot of testing with Search in the Compliance Center against OD4B sites in SPO. We are a very large origination (55,000+ users) and currently have over 24,000 OD4B sites. The admin center in the Compliance Center is limited but does work as advertised to some extent. I can search and retrieve the first 200 items for preview. It is a bummer that the preview or entire results from the query can't be exported here. That led me to move to PowerShell using the Compliance Center commandlets. I am very disappointed in it's current function. I…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  16. Can you add Malaysia Passport Number as part of the DLP template offering?

    Can you add Malaysia Passport Number as part of the DLP template offering?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  17. Differing Status Views in Office 365 Admin Quarantine

    The 'new' admin quarantine page (to be switched over in October 2018) appears not to show status of quarantine emails. In the old view, I put in a user in the recipient field and up comes 3 emails spam or otherwise. Status reports they have been released, so if there is any question, I can say, yes, it has been released. However, on the new quarantine page view, when putting the same user in the recipient field, nothing is listed. Could this be enabled please?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow more than a single transport rule for OME

    Recently, I created a DLP Transport Rule for Office 365 using the US Financial Data Services as a template and the transport rule action was to Apply Office 365 Message Encryption.

    Prior to implementing this transport rule I had a simple OME policy of encryption e-mails with a high priority that were sent outside my organization.

    After spending some time trying to figure out why this Transport Rule (and corresponding action) was not working, I have learned that having more than one Transport Rule using OME is not permitted.

    I see this as a shortcoming - as using an encryption…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  19. Statement of Applicability is not published

    Please publish the Statement of Applicability dated October 18 2018 used for Office 365 ISMS.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Trust Portal  ·  Flag idea as inappropriate…  ·  Admin →
  20. No alert for PII email with blank subject line

    There is no alert in Security and Compliance for an email containing PII with a blank subject. User notification and policy tip work.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base