Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Better eDiscovery and Hold Processes for Large Groups of Users

    Would be nice to see more of a flag and continue when trying to run a Hold or eDiscovery process for a large group or amount of users where if one mailbox has a problem it does not cause the whole process to fail with a generic error that makes it impossible to troubleshoot. Would be better if the process ran and just flagged mailboxes that the process could not be completed for and just move on to the rest of the mailboxes instead of having the whole process fail. We have ran into this multiple times now and had…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  2. Need to determine if a secure message is read and by who

    Determine if a secure message was read and by who for audit and forensic purposes. Opening secure emails requires a user to login or receive a onetime pass code to view the email. This event should be logged and reportable.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. I don't even use office 365 and my outlook email links are also being blocked today as many others have discovered

    Whatever changed today is blocking all kinds of legitimate site from access links in email in outlook. For several weeks, I can't reply to an email from outlook. My work-around is to use MSN premium and then relys or forwards still work for now.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Email and attachment encryption with a password in outlook

    I want to be able to send an email with attched files in a secured way. the recipient is supposed to enter just a password he once received to open and read the email and also the attched files.
    this should be an easy button to encrypt the email whenever you want, maybe even select email adresses out of the adress book to send always password protected emails for this recipient.
    just like the function of crypted.co
    an add in to outlook.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Security and Compliance does not log a complete audit of information

    Good Morning,

    Security and Compliance does not log a complete audit of information and generates a report in EXCEL where it does not show if the user has deleted a specific email message.
    Ridiculous not knowing that a user has deleted the correct sender's email message.
    As administrators will PROVE that user actually deleted that email.
    Microsoft should rethink the audit report for more concrete information.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  6. quarantined emails to be deleted and show if they have been delivered.

    allow quarantined emails to be deleted and show if they have been delivered.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Delist captcha is too complicated, I've cursed Microsoft 20 times before entering it correctly.

    Delist captcha is too complicated, I've cursed Microsoft 20 times before entering it correctly. And I strongly suspect that you have blocked my mail server for no reason, just because you are not 100% sure that it is not sending spam.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Disable the new enhanced anti-spoof capability in Office 365 ATP

    Microsoft enhanced anti-spoof capabilities for Office 365. This new feature is responsible for automatic junking of a message if it fails implicit authentication. The limitation that now have is that we only can use policies to customize the actions and additionally block or allow specific senders based on their authentication status. Want to have have the ability to disable this (enhanced anti-spoofing) feature.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  9. My word document was removed because the note said a visa letter has to come from the country I was sending it to but they were wrong I was

    My word document was removed because the note said a visa letter has to come from the country I was sending it to but they were wrong I was sending the visa to Sierra Leone to invite to the USA from Sierra Leone to my country USA The note said they also had a problem with content because this is a visa invitation letter ....HELP DOES ANYONE HAVE CONTACT

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Delist IP image does not work

    I'm trying to request the removal of an IP Address for sending emails, via https://sender.office.com/, however i cant get the verification image to work. Everytime i enter the 8 characters it says "The characters didnt match the picture". I've tried about 20+ times, any suggestions?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Put ALL in the drop down feature on the new spam filter page

    since you broke down all the different types of mail in the quarantine now, can you just add an ALL drop so users can see all blocked email instead of clicking on each category of message. -

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  12. Fix the Audit Log export to download

    The Export Results -> Download all results functionality and spreadsheet that is created needs to be fixed.
    The log entries stuff under "Audit Data" do not seem to have similar data columns and it needs to.
    When you export it, you get an audit log.csv with the following headers:
    CreationDate UserIds Operations AuditData
    The Auditdata is just a huge mess of what looks like should be another CSV. Extracting this and trying to turn into a CSV based on commas results in some rows clearly having different data than others.
    It is impossible to nicely go through these logs to…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Prevent Exchange DLP Scanning SharePoint DLP Notifications

    When implementing DLP we found that Exchange DLP would scan SharePoint DLP notifications and leak information out to no-reply@sharepointonline.com.

    As a workaround we have excluded out reporting mailbox from DLP, however it would be better if this these notifications were not scanned.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  14. ASM notification e-mail with broken images

    Advanced Security Management notifications coming from Office365Alerts@microsoft.com have broken links to header image. It will not get displayed in Outlook.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. Syriac Language!

    Hello Microsoft! I wish you can add Syriac Language to Microsoft Office and hopefully will see that soon or later because a lot of people write in Syriac.

    Thanks

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Privacy  ·  Flag idea as inappropriate…  ·  Admin →
  16. Bugfix: Creating an eDiscovery Case with Edge

    When creating an eDiscovery case using Microsoft Edge and adding a search including a date range criteria, the case gets corrupted. The System locale was set to German, but that should not matter.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add support for epub-3 files in Exchange threat filter

    Currently epub-3 files are being blocked as malware in exchange threat management. Please review the filters and/or scan engine so that these valid files can go through.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. I'm really frustrated that there seems to be no way to turn off this safe links blocking feature in Outlook. I was using a trusted, safe lin

    Really frustrated that there seems to be no way to turn off this safe links blocking feature in Outlook. I was using a trusted, safe link and I was forced to wait for 3 minutes for them to check the link. Shouldn't we as the users have the ability to choose for ourselves whether we want such delays while working?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support staff must be far more cognizant of security and protecting their clients resources

    The staff I speak with continue to ask me to elevate users to resources they should not otherwise have.
    The support staff should be provided with additional security training to understand conventional access control methodology; RBAC, DAC, MAC are all methodologies which various consumers MAY be utilizing, and the requests made should be compliant with the model in use; They should not repeatedly ask to provide access to user A for group B, it wastes a great deal of time, and time is money, in particular as there are a variety of competitive products for online documentation.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. Rules are not working on Junk Email.

    I enter the domain name when I create a rule on my junk mailbox, such as 'wooordpress'. The rule never works.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base