Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. would like to mark any messages inbound and outbound with 80+ messages as SPAM and allow them the option to select which messages are allowe

    I´d like mark any messages inbound and outbound with 80+ recipients as SPAM and allow them the option to select which messages are allowed to be delivered with 80+ recipients and which are not.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  2. MS Stream - Default change to share option

    Alter the current default section of share with 'everyone in the business' to 'only me' to avoid employees accidentally sharing personal and/or sensitive data with the entire organisation.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Manager  ·  Flag idea as inappropriate…  ·  Admin →
  3. provide easy method to submit suspicious files for in-depth checking

    I've had a heavily obfuscated macro/word doc passed onto me via outlook (nothing stopped me downloading the file to onedrive!), it would help if we could submit suspicious files so you can improve malware/virus detection. and suitable notifications for both the user and Office 365 admins.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. O365 mailboxes audit log is missing alot of essential data

    O365 audit log is only showing the real IP from which a certain mailbox was accessed, this is not helpful and not enough at all, as usually users are accessing internet via PAT real IPs, so it is totally misleading whenever there is any need for a sure piece of information, so at least we need to know the virtual IP, Machine name and the mac address from which any mailbox was being accessed, as real IPs are telling nothing.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Office 365 does not warn that the password has 7 days to complete.

    Office 365 does not warn that the password has 7 days to complete.The warning window says it's coming but there's no warning. I have 30 users and it gives no warning.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reports  ·  Flag idea as inappropriate…  ·  Admin →
  6. We need to know the IP address of the user who makes a rule on his mailbox

    We need to know the IP address of the user who made the rule on a user mailbox since this action is usually triggered by an abuser who compromised a user mailbox

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Security / Compliance Center Junk E-mail IP block does not appear in Show Detailed Table

    Security / Compliance Center Junk E-mail IP block does not appear in Show Detailed Table

    セキュリティ/コンプライアンスセンター迷惑メールの IP ブロックが、 [詳細な表の表示] に表示されない

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Malware  ·  Flag idea as inappropriate…  ·  Admin →
  8. Access to CRM should be controllable through Intune (MDM) or, better, like Exchange does.

    Access to CRM should be controllable through Intune (MDM) or, perhaps even better, like Exchange does.

    We need to monitor and controll which devices are allowed for using CRM, and we want to force password and lock-time settings when installing the CRM app.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. How about you use SPF records to verify the validity of a mail server like the rest of the industry?

    We moved our client to a new internet connection and changed their MCX and SPF records accordingly (both records had a TTL of 60 seconds). 3 hours later, they told us O365 was blocking them. Check of industry blacklists and SPF Validity tests indicated noone else had a problem receiving their mail, it was just O365 being special

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  10. Change 2FA+Login process to prevent phishing

    2FA can be used to prevent phishing if a change to the login and 2FA process is applied to online login portals. The login page must load only the username field statically. The username is submitted and if found in the database an OTP is sent to the user. Once OTP is successful the password field gets loaded dynamically, the password is entered and the user authenticates. A spoofed website will not be able to simulate the 2FA, so once users are aware of the new authentication method they will be able to identify the spoofed page before they enter…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Security & Compliance Center - Add role to role group via powershell

    Security & Compliance Center - Add role to existing role group via powershell

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. New-ComplianceSearch should have a flag to ignore invalid locations

    When we have built a list of recipients and fed them to New-ComplianceSearch it will report on invalid locations and not create the search. It would save time if we could pass a flag telling it to ignore invalid locations.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Adding Message Sent and Messages Marked As Unread events types

    Are there any plans to add Message Sent and \or Messages Marked As Unread events types for Exchange Online in the near future? Not including these event types in the O365 audit trail makes it difficult to monitor for certain suspicious activities.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Auditing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add other products to service trust portal

    As a CEO of a UK SME Microsoft Gold Dev Partner, we are like all SME's overwhelmed by GDPR and other compliance needs. The Service Trust Portal is Excellent. But only covers office 365 and Azure. I wouldnt expect microsoft to assess or be responsible for 3rd party products but, the system is lovely and easy to use so, it would be great if:
    1. There were API's or other extensions we could use to develop our own "plugin" to the trust centre so that we could allow our customers to manage GDPR for our application in the same way…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Trust Portal  ·  Flag idea as inappropriate…  ·  Admin →
  15. Supervion email report results are slow to update in Security and Compliance portal

    Email supervision documentation suggests the supervisory email report is way to view "live" activity. The report is very slow to include new activity - a minimum of 24 hours and even longer seems to be the norm.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. eDiscovery screens that are user friendly for legal.

    Legal should just have to pick the user name to put on hold and have check boxes to say put their email, onedrive on hold. They should not have to know the OneDrive URL. Also a check box to put the user's team chat and teams the user is in on hold. For SharePoint let user pick the name of the teamsite to put on hold not have to rely on IT person to provide URLs to legal. Also we recently learned that when a user is on a Hold and their name changes in O365 email and Onedrive, that…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  17. Original, unique and quality content writing, blog, article writing services

    Suprams Info Solution has established its name in the field of providing content writing services and responsibilities of content writing for websites blog and articles . Primarily based as content writing company in delhi takes up all. After studying a lot of trends, it knows how to approach all kinds of audience. Website:- https://issuu.com/supramsinfosolution/docs/originaluniqueandquality_conten

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Trust Portal  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow E-Discovery for Exchange Online Archiving

    We are at the moment in a hybrid scenario where part of our users have their mailboxes on premise and the archives in Office 365. Recently we noticed that we do not have any option for actually exporting the Exchange Online Archive contents to a pst, outside of doing it from Outlook (we are in a Citrix environment and users are located in different countries so that would not be easy).
    It would be great if we had an option to search/export the archive contents for hosted archives.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  19. How do I get admin rights on my PC: I cant even access this portal and this is my personal PC https://portal.microsoftonline.com/.

    Please can someone contact me to help me get admin rights to my personal PC. Cant even log on to this portal and I own office 365?

    https://portal.microsoftonline.com/.

    can someone please help

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Advanced Security Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. Auto-run queries and auto-save files

    Allow specified queries to run at a pre-determined time every day and send an email notification if there are any hits on the word search. And, automatically save an audit file to a specific drive.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  eDiscovery  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base