Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Dangerous behaviour of SPAM Whitelist

    If there are multiple senders in smtp-header, the spam whitelist is checking each of this senders, and if one is included, then the message is whitelisted. Sounds good.

    I have some pishing eMails received, that are whitelisted, because the faked Sender is in my whitelist.

    MAIL FROM: <wicked@spam.com>
    From: Display Name <good@wellknown.com> <wicked@spam.com>
    (no sender field)

    so, if i have <good@wellknown.com> in my whitelist, the mail would not be checked as spam. The mail however is sent from wicked@spam.com>. It would be displayed as
    Display Name <good@wellknown.com> in Outlook.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  2. test

    現状、Outlook on the web サービス以外の Microsoft Office 365 サービスを使用する場合、Skype for Business のプレゼンス情報が Office 365 のナビゲーション バーに表示されませんが、
    今後 Office 365 のすべてのサービスでプレゼンスが正しく表示させるか、すべてのサービスでプレゼンスを非表示にすることができるようにしたいです。

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. ATP scanning document dimension limit

    Extend O365 ATP limit for SharePoint online document. Current O365 ATP support 25MB document in scanning with SharePoint Online

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add ability to block Apple Watches as mobile devices to prevent downloads of email

    As of now, a user could have an authorized mobile device (company iphone or BYOD), for which him/her can get access to email. These devices have encryption and PIN policies via Office 365. These devices are registered and allowed via Office 365. If a user connects an APple Watch to their iphone, they can download email and attachments to it, the device is NOT encrypted nor PINed with policies and NOT authorized. Yet it is being allowed. Security risk.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. logging

    We need to be able to see the exact modifications made to things like the AllowedSenderDomains content. Right now there is a log generated for the Set-HostedContentFilterPolicy event and it contains the date / time, user, the fact that it was the AllowedSenderDomains content that was changed but it does not tell you what was actually changed. All the message contains is the complete listing of the domains (sort of). The same goes for the removal of any domains in this list. A definitive name of the entry modification is what we really need.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Address zero width spaces used in URLs - safelinks phishing

    This article highlights weaknesses in Microsoft safelinks https://thehackernews.com/2019/01/phishing-zero-width-spaces.html
    which also states microsoft addressed on 9 January 2019.

    However, testing on 11 Jan, we were able to use zero width spaces within a URL. It appeared that the URL was still being checked by safelinks as it goes to https://apac01.safelinks.protection.outlook.com/?url=https: ... " but when html source code was viewed it showed that safelinks data verification failed; and the user was directed to the modified URL which originally had zero width spaces included.

    Can Microsoft please checks this.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Make IRM encryption and "do not forward" work with dynamic distribution groups

    Refer https://support.microsoft.com/en-us/help/4459264/cannot-view-office-365-irm-encrypted-message-for-ddg, "Assume that you send an email to an Exchange Online Dynamic Distribution group (DDG) that has an Azure Information Protection Information Rights Management (IRM)-protected template applied, such as "Do Not Forward." When the recipient tries to open the email, they are redirected to Outlook on the web (OWA). OWA displays a button to read the message, but selecting the button does not work, and the recipient gets caught in an infinite loop without being able to view the message."

    Apparently "This behavior is by design." as "IRM encryption does not support DDGs"

    Please make these options work…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Encryption & Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow for ANY matches in addition to character proximity number values in DLP alerts

    In addition to character proximity values for keywords and supporting element keywords, perhaps allowing for ANY match as triggering the alert.
    Ex. Keyword A must be present and any other supporting element keywords regardless of proximity to the required keyword.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  9. the ATP safe links as its not fully working with all of the links

    the ATP safe links as its not fully working with all of the links

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. ediscovery

    the ediscovery doesn't pull up the right search results for all emails between a time interval with specific recipients and senders

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add guidance for mac users on how to encrypt for InTune compliance

    Add guidance (or link to Apple guidance) for users who are prompted to encrypt their mac to comply with InTune device management. Currently users are told to encrypt then linked to a page with no information on how to do this.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Alert policy to catch when users reach a predefined limit

    In office online there are several limits predefined, as recipient limit or message size limit. I want to know when these events happens.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. Get-User does not show default authentication policy

    When you set an exchange default authentication policy the default authentication policy is assigned to all users who don't already have a specific policy assigned to them. However when you query Get-User their policy is null. It should show (default) so admins know if a user has a policy set.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow In-Place Archive mailboxes to be deployed automatically for new users

    There is no option in the Set-MailboxPlan to enable In-Place Archive Mailbox for new users by default.
    By enabling an option to do so in Set-MailboxPlan or adding a function to allow organization-wide setting for enabling In-Place Archive, it saves admin's time and work.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  15. Viewing attachment filename

    We have Transport rules setup in order to trap any attachments. We then get Notifications forwarded by the recipient, then we check within Exchange Admin Centre, the Quarantine page and when we find the email, we can click on the 'Preview Email Message' and we can see the filename of the attachment. We use this feature just to view the filename - not the contents - just the filename and it's extension, so we can analyze quickly it's potential risk.This feature is now missing in the new Quarantine Page within the 'Security & Compliance Centre' Can this feature be enabled…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  DLP & Transport Rules  ·  Flag idea as inappropriate…  ·  Admin →
  16. IP Category for public VPNs and Proxies

    Is there was a way that Microsoft can tag the IP addresses which belong to VPN and proxy service providers such as tunnelBear, nordeVPN, ViperVPN,OpenVPN,OperaVPN,etc.

    This will help to increase the security and ease the analysts job functionality when going through logs.

    https://udger.com/resources/ip-list/anonymizingvpnservice
    https://free-proxy-list.net/

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Message trace shows spoofed mail as legitimate

    Please can you enhance the Message trace, spoofed mail will fool your system and show as an internal mail when this is not the case. This leads to incorrect troubleshooting.

    Thanks Bill.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  18. content search to add Number of Recipients is not greater than X number of Recipients

    content search to add Number of Recipients is not greater than X number of Recipients field for teams searches

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  19. man in the middle

    Ladies and Gentlemen!

    Our IT security specialists have found out that the login data is transferred in plain text when logging on to Office 365. This enables very simple "Man in the middle" attacks. I found a post in Technet about this topic, which is two years old.
    This should be checked and fixed urgently.
    Link to original post: https://blogs.technet.microsoft.com/latam/2016/12/09/o365sectalken/
    Thank you very much!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. add county to on the ip translate on the auditing security log

    pleas add on the user IP report the county and location of the ip it help to read the log and see if there was attack

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base