Office 365 Security & Compliance
We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.
Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!
How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post
Thanks for joining our community and helping improve these features in Office 365!
Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.
-
DMARC Aggregate Reports from O365 Domains
Ability for Office 365 to send DMARC Aggregate reports when set in a monitoring policy to see which aouthorised\unauthorised senders are using my domain suffix... just like other vendors are already doing.
3,160 votesThis is work we are planning to do although there is no ETA at this time.
-
DNSSEC support in Office 365
Please add DNSSEC support for managed domains in Office 365 business (enterprise) plans
2,046 votesWe are currently looking into possible solutions but have no concrete plans to share
-
OneDrive for Business unable to perform delete folder directly caused by Retention Policy
Dear Microsoft,
OneDrive for Business is one of the useful tools for cloud storage whereby end user should be able to folders (even got files inside) easily even being applied with retention policy.
Retention policy is suppose used on backend which not suppose to affect on OneDrive for Business usage. We are have 500 users getting impact on this. (and i assume all users having this issue as Microsoft support tested having this issue - "behaviour")
I was informed by Microsoft that this is by default preservation policy design behaviour, which I think this is not consider design behavior anymore…
645 votesWorking on the design for this currently. Will update status as we make progress.
-
Allow Settings for Message Expiration Timeout Interval and NDR
For some error codes related to sending mails, the senders may receive the NDR immediately. However, for some other error codes, the mail server marks the undeliverable messages as a temporary error and the senders doesn't immediately receive an NDR. Instead, Exchange Online repeatedly tries to deliver the message over two days. Only after two days of unsuccessful delivery attempts does the sender receive this NDR.
For some time critical businesses this is not acceptable. The user has to be informed very quickly (<6 hours) that his Mail was not delivered by now. Then the user can phone the recipient…
506 votesToday, based on feedback, we’ve lowered the timeout to 24 hours. In the future, we are planning more improvements, although we do not have any dates or details to share at this time. Thank you for the continued feedback.
-
Make sure that Exchange Online mailboxes are enabled for auditing
The big problem with mailbox auditing – for both Exchange on-premises and Exchange Online – is that you must enable it for mailboxes to start recording audit events. If you do not enable auditing for a mailbox, Exchange assumes that you don’t care about what’s going on and captures nothing. When the time comes to search the Office 365 audit log, you get a big fat blank. Microsoft should either enable all EXO mailboxes for auditing or allow tenants to update mailbox plans to ensure that new mailboxes are enabled upon creation.
455 votes -
Compliance admins should be able to delete labels marked as record
Under Classifications, a label created and marked as Record cannot be later changed or, more importantly, deleted by any administrator. As an admin can remove a document from bearing the status of record, they should therefore be able to delete a label with Record status. The combination of Record and Delete after 'x' years is very dangerous - not to mention a department may update their requirements in time.
195 votesConsidering options for enabling administration of record labels without compromising core functionality of a record label.
-
Allow the ability to delete a retention label definition in S&C Center if 'Record' classification
If you've created a retention label in the Security & Compliance Center and have checked the 'Use label to classify content as a "Record"' checkbox, I would like the ability to delete the label under certain circumstances. If I've never used it, it's not published in any policy, I should be able to delete it. I've set up several "test" labels with this checkbox checked and there is no way (either thru the UI or thru PowerShell) to delete the label definition. Example: if you create a retention label and select the 'record' checkbox, save it and then immediately try…
134 votesConsidering options for this, see related user voice item for updates.
-
Retention Policy - Office 365 Groups - Separate Deletion settings for Exchange & SharePoint workload
Retention Policies for Office 365 Groups currently treat all resources the same (i.e. Exchange and SharePoint). We need the ability to configure email items to delete after X years, but not delete documents stored on SharePoint.
129 votesWorking on the design for this scenario, will update with progress.
-
Record retention label - Disable "Record Status" toggling feature
Based on Microsoft new feature release in Jan 2020, it allows user to toggle "Record status" to lock / unlock for a documents that are being applied with record retention labels. This feature is undesirable whereby it allows users with "members" rights to unlock and modify a record. We wish to have more control in terms of record handling and wish to disable this feature. Is there a way to hide this option from users and only allow site collection administrator to do so?
27 votesThanks for your submission – we have heard this from other customers, and it is on the backlog. Will update once work has commenced.
-
Add CIS Benchmark for O365 & Azure to Compliance Manager Templates
Please can you add the CIS Benchmark Template for O365 & Azure in the Compliance Manager.
Thanks!
5 votesThanks for reaching out. We have added this assessment in our roadmap based on feedback. We are planning to release it in the near future
- Don't see your idea?