Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Need to fetch report of outbound spam report which contains mails only delivered from HRDP (High Risk Delivery Pool)

    We had received outbound spam mails report, and there we have found all mails of outbound spam mail, but we want to filter those mails which only delivered from HRDP (High Risk Delivery Pool).

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  2. Protect the Exchange Online Archive with additional security so it is not accessible when an attacker has access to the primary mailbox

    Currently the online archive is just an extension to the primary mailbox, providing the user or the shared mailbox with extra storage. But as the data in the online archive is often less relevant for current business, yet it likely contains valuable information, I often get the request to reduce the footprint of the primary mailbox by removing content of it, i.e. move it to the archive. But currently, that doesnt really do the trick as the archive is AS accessible as the primary mailbox. The solution I propose is to (optionally) allowing an additional level of security on the…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. I want to be able to check the operation history of the message tracking log in the audit log

    I want to be able to check the operation history of the message tracking log in the audit log
    監査ログでメッセージ追跡ログの操作履歴を確認できるようにしたい。

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  4. Dynamics 365 SOC I type II report ran every 6 months.

    For our SOX auditing, we are in need of a Dynamics 365 SOC I Type II report ran every 6 months instead of once a year. Because of our fiscal year end timing and the timing of the current yearly report the external auditors are unable to find comfort int he amount of months currently coverer

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  5. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Records management User Group

    A resource to connect with others who have implemented Compliance Center. We could share knowledge and best practices.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  7. Widen header columns in Quarantine report

    'Sender' and 'Subject' go onto the next line. Recent issue.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. OneNote - Sensitivity Labels, Data Protection, eDiscovery

    Please add the ability to label content in OneNote with Sensitivity labels, add auto labeling, and for eDiscovery to be able to search user OneNotes to tag for hold. We need to be able to scan data and understand if it needs to be labled because of PII or confidentiality.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. More granular security for Sharepoint - allow for user names for external access

    Sharepoint as it contains corporate data MUST have the best available granular control for user permissions. Admins need to be able to set which of their domain users can access Sharepoint externally AND for the ones who can access it externally have the ability to set read only or contribute, etc rights to those usernames.

    Sharepoint access and permissions MUST be separated from internal - external for admin control and data protection.

    This imperative and should have been available already as it pertains to the protection of companies data.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. Re-enble the Remove from quarantine button

    Until recently the "Remove from quarantine" button was enabled for users and by removing already reviewed spam emails it made the review process so much faster on subsequent visits.

    The IT people at work can not find any way to re-enable the button for ordinary users.

    The reduction in productivity by this recent change is very bad.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. File plan CitationUrl length too small

    The max length for the CitationUrl field is 64 chars. This is way too small for a URL that will be referring to specific page. For example: https://www.gov.uk/government/publications/guide-to-the-general-data-protection-regulation. Please increase to 254 chars.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. ATP safe-links sould not break DKIM signatures when forwarding email outside O365.

    Considering the following scenario:
    - An incoming mail (DKIM signed) arrives from an extrenal domain.
    - The domain in O365 is protected by ATP safelinks.
    - ATP safelinks rewrite URLs and email is delivered to mailbox.
    - The email is forwarded to the external domain (but DKIM is now broken since the contents of the email were modified by ATP Safelinks).
    - When forwarded email arrives at external domain that has a reject DMARC policy in place, the email will automatically fail validation and will be delivered to SPAM folder.

    If user has forward enabled in his account, email should…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. User account getting blocked as SPAM senders while sending marketing mail.

    we have centralized mail i.e. all mails going out through our On-Prem servers. it would be great if possible to bypass EOP for centralized organizations through wither send connector or transport rule. Microsoft's systems are not exposed to publicly to send mails

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Alert whenever a user attempts to send an attachment to an external recipient

    With the advent of the EU GDPR we feel it would be useful to be able to alert users if they have included an attachment on an e-mail to an external recipient to ensure that the content of the attachment is appropriate for the recipient i.e. no personal information.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  16. Have compliance search flag e-mail aliases

    Please have compliance searches check for e-mail aliases. Such as a mailbox is being searched and there is an address on the recipients lists that is an alias for that mailbox. (Everything is a hit.)

    For reference ticket 17420048 took a week with support and a 4.5 hour phone call to find the issue. Having the search kick a warning or error would have avoided all that.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  17. Implement changing expired passwords for Azure AD synced accounts within pass-through authentication.

    Actually changing expired passwords for Azure AD synced accounts is only possible wit ADFS, when the user dows not have access to the on-premise AD. Changing to pass-through authentication would have a lot of benefits, e.g. seamless single-sign-on, but this feature would only be possible, when adding expensive Azure AD premium licenses to the users.
    Changing expired passwords for Azure AD synced accounts with pass-through authentication would have a great benefit for users working outside the company network without access to the on-premise AD.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. When clicking on cancel in outlook 2016 the desktop out you can still look at the user’s i this need to b fixed asap

    When clicking on cancel in outlook 2016 desktop after you log out log out of outlook desktop app if you click on cancel up are brrought back to the user’s in box and anyone can open up user’s email.

    This needs to be fix now

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Secure score - subjects that doesn't account in your orgs environment

    Would be great if the secure score would be so interactive that it would take hight for the conditions in the tenant. For example if the tenant is cloud only, why is there still a score to enabled password hash sync in the tenant

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  20. Need a public-facing information describing about permissions to access or operate the new Security/Compliance Center

    Currently, there is no information about permissions for the new Security/Compliance Center. If we could have a public-facing information describing about details in what kind of permissions can be used, our admin would be able to optionally set various combinations of permissions. So, please provide us the information.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base