Feedback by UserVoice

Office 365 Security & Compliance

← Customer Feedback for Microsoft Office 365

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

How can we improve compliance or protect your users better in Office 365?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

When an admin closes an idea you've voted on, you'll get your votes back from that idea.
You can remove your votes from an open idea you support.
To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".

Enter your idea

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

DMARC Aggregate Reports from O365 Domains

Ability for Office 365 to send DMARC Aggregate reports when set in a monitoring policy to see which aouthorised\unauthorised senders are using my domain suffix... just like other vendors are already doing.

3,740 votes

Vote

Sign in
prestine

(thinking…)

Sign in with: Facebook Google

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

You have left! (?) (thinking…)

110 comments · Spam & Phishing · Flag idea as inappropriate… · Delete… · Admin →

in the plans · AdminSean S (Admin, Microsoft Office 365) responded

This is work we are planning to do although there is no ETA at this time.
OneDrive for Business unable to perform delete folder directly caused by Retention Policy

Dear Microsoft,

OneDrive for Business is one of the useful tools for cloud storage whereby end user should be able to folders (even got files inside) easily even being applied with retention policy.

Retention policy is suppose used on backend which not suppose to affect on OneDrive for Business usage. We are have 500 users getting impact on this. (and i assume all users having this issue as Microsoft support tested having this issue - "behaviour")

I was informed by Microsoft that this is by default preservation policy design behaviour, which I think this is not consider design behavior anymore as is causing the OneDrive for business folder deletion problem.Again, retention policy on OneDrive shouldn’t affect the folder deletion method as there is No Different that user can either delete all the files inside and delete the folder, or delete the entire folder directly.

Please fix this problem as soon as possible, otherwise this issue is serious discourage people to use the retention policy feature. Email me if seriously looking into this issue.

Dear Microsoft,

OneDrive for Business is one of the useful tools for cloud storage whereby end user should be able to folders (even got files inside) easily even being applied with retention policy.

Retention policy is suppose used on backend which not suppose to affect on OneDrive for Business usage. We are have 500 users getting impact on this. (and i assume all users having this issue as Microsoft support tested having this issue - "behaviour")

I was informed by Microsoft that this is by default preservation policy design behaviour, which I think this is not consider design behavior anymore…

739 votes

Vote

Sign in
prestine

(thinking…)

Sign in with: Facebook Google

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

You have left! (?) (thinking…)

45 comments · Information Governance and Records Management · Flag idea as inappropriate… · Delete… · Admin →

in the plans · AdminNick Robinson (Admin, Microsoft Office 365) responded

Working on the design for this currently. Will update status as we make progress.
Allow Settings for Message Expiration Timeout Interval and NDR

For some error codes related to sending mails, the senders may receive the NDR immediately. However, for some other error codes, the mail server marks the undeliverable messages as a temporary error and the senders doesn't immediately receive an NDR. Instead, Exchange Online repeatedly tries to deliver the message over two days. Only after two days of unsuccessful delivery attempts does the sender receive this NDR.

For some time critical businesses this is not acceptable. The user has to be informed very quickly (<6 hours) that his Mail was not delivered by now. Then the user can phone the recipient or sent the mail to another address. I do not care if exchange online continues trying to send the message after 6 hours, but the user has to be informed.

Exchange Server 2016 an older allowed customization of the Message Expiration Timeout Interval and NDR Settings. Please add this to ExchangeOnline

For some error codes related to sending mails, the senders may receive the NDR immediately. However, for some other error codes, the mail server marks the undeliverable messages as a temporary error and the senders doesn't immediately receive an NDR. Instead, Exchange Online repeatedly tries to deliver the message over two days. Only after two days of unsuccessful delivery attempts does the sender receive this NDR.

For some time critical businesses this is not acceptable. The user has to be informed very quickly (<6 hours) that his Mail was not delivered by now. Then the user can phone the recipient…

516 votes

Vote

Sign in
prestine

(thinking…)

Sign in with: Facebook Google

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

You have left! (?) (thinking…)

54 comments · Flag idea as inappropriate… · Delete… · Admin →

in the plans · AdminScott Landry (Senior Program Manager, Microsoft Office 365) responded

Today, based on feedback, we’ve lowered the timeout to 24 hours. In the future, we are planning more improvements, although we do not have any dates or details to share at this time. Thank you for the continued feedback.
Make sure that Exchange Online mailboxes are enabled for auditing

The big problem with mailbox auditing – for both Exchange on-premises and Exchange Online – is that you must enable it for mailboxes to start recording audit events. If you do not enable auditing for a mailbox, Exchange assumes that you don’t care about what’s going on and captures nothing. When the time comes to search the Office 365 audit log, you get a big fat blank. Microsoft should either enable all EXO mailboxes for auditing or allow tenants to update mailbox plans to ensure that new mailboxes are enabled upon creation.

479 votes

Vote

Sign in
prestine

(thinking…)

Sign in with: Facebook Google

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

You have left! (?) (thinking…)

in the plans · 21 comments · Auditing · Flag idea as inappropriate… · Delete… · Admin →
Email notification of Quarantined Emails for Admins

In addition to the below feature, quarantine should have an email notification for Admins (option or to be enabled) so that they can review and can release or delete accordingly via a link that is included in the email. Cannot rely on end user to release...

————-
Share: Updated feature: Email quarantine capabilities

186 votes

Vote

Sign in
prestine

(thinking…)

Sign in with: Facebook Google

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

You have left! (?) (thinking…)

in the plans · 11 comments · Advanced Security Management · Flag idea as inappropriate… · Delete… · Admin →
Add CIS Benchmark for O365 & Azure to Compliance Manager Templates

Please can you add the CIS Benchmark Template for O365 & Azure in the Compliance Manager.

Thanks!

5 votes

Vote

Sign in
prestine

(thinking…)

Sign in with: Facebook Google

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

You have left! (?) (thinking…)

1 comment · Compliance Manager · Flag idea as inappropriate… · Delete… · Admin →

in the plans · AdminBarbara Feldon (Office 365 Customer Experience, Microsoft Office 365) responded

Thanks for reaching out. We have added this assessment in our roadmap based on feedback. We are planning to release it in the near future

Don't see your idea?

(thinking…)

Facebook

Google

Forgot password?

Create a password

Signed in as (Sign out)