Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. OneDrive sync client will enable B2BSync

    I have read this update and I think it is not a good idea

    A permanent synchronization with external users is an open door, a pipe in a Tennant and this is not good

    Actually, if a user synchronizes their computer, the decision is business, empresarial, and the computer / device with which it is synchronized must be under the domain of the company and with that security.

    But if OneDrive is synchronized with a user external to the organization, the door must be permanently open, traffic must be permanently available and the security is responsibility of Microsoft. The external…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Reports filtered in graph view do not stay filtered on View Details Table tab

    On the Reports Dashboard, I pick the Transport Rules report. On the graph/report tab, I can filter the graph to show a single Transport Rule. Great! When I click the View Details Table button, it reverts back to ALL transport rules. There is no way to filter the data on that screen to show only a single rule, and the Request Report button doesn't have any filters available either. This is surely a bug and I have a ticket open. Please fix.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  3. Need to fetch report of outbound spam report which contains mails only delivered from HRDP (High Risk Delivery Pool)

    We had received outbound spam mails report, and there we have found all mails of outbound spam mail, but we want to filter those mails which only delivered from HRDP (High Risk Delivery Pool).

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  4. Protect the Exchange Online Archive with additional security so it is not accessible when an attacker has access to the primary mailbox

    Currently the online archive is just an extension to the primary mailbox, providing the user or the shared mailbox with extra storage. But as the data in the online archive is often less relevant for current business, yet it likely contains valuable information, I often get the request to reduce the footprint of the primary mailbox by removing content of it, i.e. move it to the archive. But currently, that doesnt really do the trick as the archive is AS accessible as the primary mailbox. The solution I propose is to (optionally) allowing an additional level of security on the…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Show Shared Mailbox archives in the Records Management dashboard

    In the Archive section of the dashboard, it currently only shows users who have archives in place. Can we also add shared mailboxes into this same view?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. I want to be able to check the operation history of the message tracking log in the audit log

    I want to be able to check the operation history of the message tracking log in the audit log
    監査ログでメッセージ追跡ログの操作履歴を確認できるようにしたい。

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  7. Dynamics 365 SOC I type II report ran every 6 months.

    For our SOX auditing, we are in need of a Dynamics 365 SOC I Type II report ran every 6 months instead of once a year. Because of our fiscal year end timing and the timing of the current yearly report the external auditors are unable to find comfort int he amount of months currently coverer

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  8. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Records management User Group

    A resource to connect with others who have implemented Compliance Center. We could share knowledge and best practices.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. Widen header columns in Quarantine report

    'Sender' and 'Subject' go onto the next line. Recent issue.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. More granular security for Sharepoint - allow for user names for external access

    Sharepoint as it contains corporate data MUST have the best available granular control for user permissions. Admins need to be able to set which of their domain users can access Sharepoint externally AND for the ones who can access it externally have the ability to set read only or contribute, etc rights to those usernames.

    Sharepoint access and permissions MUST be separated from internal - external for admin control and data protection.

    This imperative and should have been available already as it pertains to the protection of companies data.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. Re-enble the Remove from quarantine button

    Until recently the "Remove from quarantine" button was enabled for users and by removing already reviewed spam emails it made the review process so much faster on subsequent visits.

    The IT people at work can not find any way to re-enable the button for ordinary users.

    The reduction in productivity by this recent change is very bad.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. User account getting blocked as SPAM senders while sending marketing mail.

    we have centralized mail i.e. all mails going out through our On-Prem servers. it would be great if possible to bypass EOP for centralized organizations through wither send connector or transport rule. Microsoft's systems are not exposed to publicly to send mails

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Alert whenever a user attempts to send an attachment to an external recipient

    With the advent of the EU GDPR we feel it would be useful to be able to alert users if they have included an attachment on an e-mail to an external recipient to ensure that the content of the attachment is appropriate for the recipient i.e. no personal information.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  16. Have compliance search flag e-mail aliases

    Please have compliance searches check for e-mail aliases. Such as a mailbox is being searched and there is an address on the recipients lists that is an alias for that mailbox. (Everything is a hit.)

    For reference ticket 17420048 took a week with support and a 4.5 hour phone call to find the issue. Having the search kick a warning or error would have avoided all that.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  17. Implement changing expired passwords for Azure AD synced accounts within pass-through authentication.

    Actually changing expired passwords for Azure AD synced accounts is only possible wit ADFS, when the user dows not have access to the on-premise AD. Changing to pass-through authentication would have a lot of benefits, e.g. seamless single-sign-on, but this feature would only be possible, when adding expensive Azure AD premium licenses to the users.
    Changing expired passwords for Azure AD synced accounts with pass-through authentication would have a great benefit for users working outside the company network without access to the on-premise AD.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Remove the ability to classify a risky sign in as "confirmed Compromised"

    Because this blocks an account without any form of notification anywhere, even in Azure's Block/Unblock, this feature urgently needs to be removed.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. When clicking on cancel in outlook 2016 the desktop out you can still look at the user’s i this need to b fixed asap

    When clicking on cancel in outlook 2016 desktop after you log out log out of outlook desktop app if you click on cancel up are brrought back to the user’s in box and anyone can open up user’s email.

    This needs to be fix now

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Information produced in message trace not accurate

    I was looking through emails from a specific sender and the email trace showed data that was incorrect, information I was able to confirm by tracing each individual email. For example, a transport rule should prepend all inbound emails with "External", and when reviewing all mails from that sender, whether or not that appeared was random. When I viewed the individual message trace, I saw that ALL emails had been marked as "External", but this cost me several days of tracking erroneous information.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base