If a user is a designated delegate of a mailbox of another user, allow them to access content protected to that user

Office 365 Message Encryption can be leveraged in case of a delegated inbox scenario. If an encrypted message is sent to a person who's inbox is delegated e.g. to a secretary the delegated has the ability to request a one-time passcode to the delegated inbox and so full access on the OME protected message can be gained.

This scenario could be avoided by sending the one-time passcode using SMS because then the delegated has no access to the one-time passcode.

Make it easy for document owners to receive requests for additional rights to protected documents and have that update all copies of that document i.e. maintain a central rights catalog

Currently RMS-encrypted mails can be decrypted for the purposes of journaling, but OME-encrypted mails - even though also based on RMS - does not have the same option. Set-IRMConfiguration -JournalReportDecryptionEnabled $true is used to enable RMS journal decryption. I suggest something similar is developed and made available for OME.

Currently it appears set at 2 months. Would like to see ability to increase/decrease. Maybe max 1 year? Not sure the exact max needed, it would likely change by customer needs/retention policy.

The new version of OME that is now more integrated into AIP needs to have an encrypt only option such as you can configure using the message classification configuration.

The DNF use case is too restrictive for our organisation.

Thank you for consideration.

Products like ZIX are able to deliver a notification when someone reads the encrypted message they were sent.
Our Customer has requested this feature to be added in O365

Update the encryption to 256 from 128 on all Office endpoints

message approval action in transport rule will check for empty manager attribute and if manager attribute is empty then will block or reject the message.

Enable the OME encrypt button in Outlook for users with a Business Premium with OME bolted on. This appears in OWA so why shouldn't it also be available in Outlook. If you are paying for the licence you should get the tools you need to use it.

As we sometimes see the need for revoking access to a content, but not necessarily tracking of it (due to privacy reasons), it would be great if these two functionalities are not bundled but can be enabled separately. The workaround to enable the "do not track" company wide, and hence use the revocation could work, but still the button label "Track and Revoke" may mislead the users.

When setting Protection policy with Set User Defined Permissions, the Admin should be able to include settings like Allow Offline Access within the Protection policy. This would then act the same as a protection policy with no users defined except for the Allow Offline Access setting, and the Office user selecting users and permissions.

Disabling Exchange ActiveSync for the entire organization in Cloud environment is not that effective, currently Disable will apply only to current users available in tenant. For newly added users the process need to be repeated. Its difficult task for a bigger organization to apply policy for every newly added users. It's better to have one option to disable Exchange ActiveSync for entire tenant.

Enrolling S/MIME certificates for email encryption/signing is such a pain. Could Microsoft team up with a 3rd Party CA like Thawte and easily enroll and configure this certificate to users in the organization? Microsoft should be able to configure the certificate in Outlook Client, Web Access and Outlook Apps without any user interaction required.

S/MIME different digital certificate can be associated to different (correspondingly verified) email accounts of the same profile. Outlook should have the option of associating different "signature blocks" to different emails to associate different digital certificates to the respective verified email/account.

If a user (secretary) has "Full Access Permission" to the Mailbox of another User (her Boss) she can't read protected mails in Outlook which is ok BUT: she is able to read them if she opens the other users mailbox in OWA. This is a serious security problem and shoud be fixed immediately.
Only the MailboxOwner should be able to read protected Mails.