Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow In-Place Archive mailboxes to be deployed automatically for new users

    There is no option in the Set-MailboxPlan to enable In-Place Archive Mailbox for new users by default.
    By enabling an option to do so in Set-MailboxPlan or adding a function to allow organization-wide setting for enabling In-Place Archive, it saves admin's time and work.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow Office 365 Security & Compliance blocking like Outlook Junk feature

    I'd like Quarantine Notifications to provide an option to block sender or sender domain, similar to Outlook's Junk options. Too many emails that don't allow blocking domains so notifications continue.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. IP Category for public VPNs and Proxies

    Is there was a way that Microsoft can tag the IP addresses which belong to VPN and proxy service providers such as tunnelBear, nordeVPN, ViperVPN,OpenVPN,OperaVPN,etc.

    This will help to increase the security and ease the analysts job functionality when going through logs.

    https://udger.com/resources/ip-list/anonymizingvpnservice
    https://free-proxy-list.net/

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Why is there no template for Finma

    The FINMA check list is available for download, why can I not simply select and apply a FINMA compliance template for secure score

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  5. ZAP failed due to user configuration - feature missing

    There was a feature in the compliance centre called "ZAP failed due to user configuration" which I used to have as a tab in the compliance centre, by clicking on that tab used to give me the list of users who have disabled their "Junk filtering" in outlook. It vanished from the dashboard since Jan 2020. I would like to have that feature back please.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Temporarily Block IP Address upon detection of Malicious Activity

    Dynamically block Login Attempts without locking user account from IP Address after Brute-Force attempt. Allow Admin to choose number of incorrect login attempts, block time, number of failures before permanent ban and IP whitelist/blacklist. Provide portal for reviewing and removing permanent locks and bans. Additionally, consider optional use of MS-Managed blocklist from known threats

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Message trace shows spoofed mail as legitimate

    Please can you enhance the Message trace, spoofed mail will fool your system and show as an internal mail when this is not the case. This leads to incorrect troubleshooting.

    Thanks Bill.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  8. Examples

    Anyone coming in to this new app finds words and their definitions very intimidating. The verbiage used has no precedent with existing policies, so in order to allow the most rapid deployment of this app into a Sharepoint site, I would like to see examples of how this tool is actually used in an example site, with popups showing where the concept is being used and how it got to that point. In other words, I would like to see many examples of compliance in action.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  9. content search to add Number of Recipients is not greater than X number of Recipients

    content search to add Number of Recipients is not greater than X number of Recipients field for teams searches

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  10. man in the middle

    Ladies and Gentlemen!

    Our IT security specialists have found out that the login data is transferred in plain text when logging on to Office 365. This enables very simple "Man in the middle" attacks. I found a post in Technet about this topic, which is two years old.
    This should be checked and fixed urgently.
    Link to original post: https://blogs.technet.microsoft.com/latam/2016/12/09/o365sectalken/
    Thank you very much!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. add county to on the ip translate on the auditing security log

    pleas add on the user IP report the county and location of the ip it help to read the log and see if there was attack

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  12. Enable users to read unauthenticated mails in Outlook Client after a warning

    Nowadays,
    When an email is received that did not pass sender authentication:
    - Outlook displays a '?' in the sender photo
    - User cannot read the email in Outlook 2016 with default O365 phishing policy

    The only possibility for administrators today is to either turn this strategy on (be default), or off.

    I would like to add a third possibility:
    - When clicking on the message to read it, the user is warned that the message did not pass sender authentication, bnut still has the option to read it:
    Are you sure you want to read this unauthenticated message Yes…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Show all activity types in the dropdown box for policies in Advanced Security Management

    When creating or editing a policy, you can only browse down to "Force users..." in the Activity Types drop down selector, but if you know the name of activities further down in the alphabet, you can type them in & find them. You should be able to scroll through all of them so an external reference isn't needed.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. In Tracking, kindly provide the feature of subject wise tracking.

    As each day, we get phishing issue and tracking with subject is a need.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  15. Create security alert when someone with a delegated email opens up the email from the "open another mailbox" link in Outlook online

    Create security alert when someone with a delegated email opens up the delegated email from the "open another mailbox" link in Outlook online

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Install MsOffice with product key

    Microsoft Office is an applications suite, which accommodates some application package into a suite, called MS Office. Each Office application has a unique purpose to get a specific service to office users.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow deletion of Custodians in Advanced eDiscovery

    Currently deletion of custodians is not an option. However, this would be a valuable addition to allow for erroneous data entry and spec changes.

    Having a custodian in the list that is not required is mis leading.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  18. Faltan opciones para la realización de búsquedas por contenido

    Desde hace varias semanas hemos venido recibiendo en varios buzones de correo mensajes que incluyen un archivo adjunto de tipo "IMG" (imágenes de disco) el cual a su vez contiene archivos ejecutables. Cuando el usuario abre el archivo adjunto, Windows 10 monta la imagen (crea una unidad de disco en el equipo) y muestra el contenido, el cual al ser abierto infecta el equipo y da inicio a una serie de tareas típicas en casos de malware.
    Días después del inicio de estos mensajes entrantes, encontramos que a través de una de las cuentas receptoras se estaban enviando masivamente mensajes…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  19. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Enable starting an extended message trace directly from the result window after running a basic message trace

    Run a basic message trace. Look at the results. If anything looks wrong in the message trace detail, provide an option to run extended trace for that particular message right from the detail page.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Message Trace  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base