Microsoft Information Protection (MIP)
-
Allow mailbox delegates to access protected content on behalf of managers
If a user is a designated delegate of a mailbox of another user, allow them to access content protected to that user
87 votes -
An easy way to request and be granted additional rights to already protected documents
Make it easy for document owners to receive requests for additional rights to protected documents and have that update all copies of that document i.e. maintain a central rights catalog
77 votes
Hi. As we are working on the design and prioritization of this feature, we can use your feedback.
Please fill out the survey below to share insight about your needs and scenarios:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3Dv4j5cvGGr0GRqy180BHbR0TnOgTGLuxFuHKl_V7u_kBUNzJLWjhONkc1QzUzU1cyVFVZMlFVVllSMC4u&data=04%7C01%7Cesaggese%40microsoft.com%7C4fed8e251ab44a77762908d6dc67f0cf%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636938736341010216%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C-1&sdata=8Kwg5fLxoD1gjbRz4UGquNd6D8R7pimqvoMkszg2RU4%3D&reserved=0 -
Allow Journal decryption in OME
Currently RMS-encrypted mails can be decrypted for the purposes of journaling, but OME-encrypted mails - even though also based on RMS - do not have the same option. Set-IRMConfiguration -JournalReportDecryptionEnabled $true is used to enable RMS journal decryption. I suggest something similar is developed and made available for OME.
54 votes -
Encrypt Only as an outcome of a sensitivity label
The new version of OME that is now more integrated into AIP needs to have an encrypt only option such as you can configure using the message classification configuration.
The DNF use case is too restrictive for our organisation.
Thank you for consideration.
49 votes -
Allow for adjusting the link expiration time for an OME v2 encrypted message.
Currently it appears set at 2 months. Would like to see ability to increase/decrease. Maybe max 1 year? Not sure the exact max needed, it would likely change by customer needs/retention policy.
44 votes -
Read receipt for when encrypted email is read.
Products like ZIX are able to deliver a notification when someone reads the encrypted message they were sent.
Our Customer has requested this feature to be added in O365
38 votes -
Office apps on all platforms move to AES256/CBC (from AES128/ECB)
Update the encryption to 256 from 128 on all Office endpoints
27 votes -
Allow policies not to automatically grant owner right to document creators
While document creators have by definition unrestricted access to the data they add to the document, having owner rights would allow them to later extract data others have added to the documents they created. Owner rights also allow creators to downgrade classification on documents that have already been classified.
The suggestion is to have a setting on each policy that when enabled does not automatically grant the creator of a document full control rights or the ability to reclassify once the document is closed. This should enable revocation of access for content creators and would also prevent such users from…
23 votes -
Prevent FullAccess delegated Users to read Protected Mails in OWA!
If a user (secretary) has "Full Access Permission" to the Mailbox of another User (her Boss) she can't read protected mails in Outlook which is ok BUT: she is able to read them if she opens the other users mailbox in OWA. This is a serious security problem and should be fixed immediately.
Only the MailboxOwner should be able to read protected Mails.
22 votes
While some of our customers consider access by a mailbox delegate a problem, others have said they consider it a must have (e.g. for executives whose admin does all their email). In some cases, both behaviors are necessary within the same organization.
We are evaluating possibilities for implementing a solution that addresses both cases. -
Enable the encrypt button in Outlook for Business Premium subscriptions
Enable the OME encrypt button in Outlook for users with a Business Premium with OME bolted on. This appears in OWA so why shouldn't it also be available in Outlook. If you are paying for the licence you should get the tools you need to use it.
16 votes -
Block email if manager attribute is empty in message approvals
Message approval action in transport rule will check for empty manager attribute and if manager attribute is empty then will block or reject the message.
14 votes -
Split "track" and "revoke" functionality
As we sometimes see the need for revoking access to a content, but not necessarily tracking of it (due to privacy reasons), it would be great if these two functionalities are not bundled but can be enabled separately. The workaround to enable the "do not track" company wide, and hence use the revocation could work, but still the button label "Track and Revoke" may mislead the users.
14 votes -
Office 365 Message Encryption - One time passcode not working outside Microsoft system
The one time passcode was working a few weeks ago for people outside of our organization, but it is no longer working and nothing has been changed from our end. I have been on a call with Microsoft Support and they told me that will not work with Gmail, which is not acceptable because our clients have their domain integrated with Google and they are using Gmail. It is also not working with Yahoo as well. OTP works with Hotmail because it is a Microsoft product. I know it works using a Microsoft Live account but that is not the point.…
13 votes -
Office 365 Message Encryption: Set Custom Subject in Notification Email
When an email with OME is sent, it is delivered to the recipient as a notification with instructions to view the message on the portal. The body of that notification is changed, but the subject of the original email is preserved. Please provide the option (another parameter in Set-OMEConfiguration) to set a custom subject for that notification email while still preserving the original subject when the recipient views the email in the portal.
For example, allow an administrator to replace the notification email's subject with something like "You have a new encrypted message." Ideally, it would be great if we…
12 votes -
Protection with user-defined permissions should allow additional settings. e.g setting Allow Offline Access which is not set by Office
When setting Protection policy with Set User Defined Permissions, the Admin should be able to include settings like Allow Offline Access within the Protection policy. This would then act the same as a protection policy with no users defined except for the Allow Offline Access setting, and the Office user selecting users and permissions.
10 votes -
SMTP through Exchange Online with Azure Info Protect
It would be great if mail messages generated and sent via a PowerShell or Telnet SMTP session could make use of Azure Info Protect instead of RMS.
For example, if I enter the command:
PS C:\Users\fakeuser> Send-MailMessage -From noreply@blah.com -To fakedude@gmail.com -Subject "Testing Encryption Again2" -Body "Test PowerShell message send which should be encrypted" -SmtpServer smtp.office365.com -Credential $msolcred -UseSsl -Port 587
Currently, I can only get either of 2 outcomes by doing this:
1.) If I change a label to detect the use of a keyword (i.e. the word "credentials") and then apply 'Highly Confidential', AIP does not…
10 votes -
S/MIME different digital certificate can be associated to different (correspondingly verified) email accounts of the same profile.
S/MIME different digital certificate can be associated to different (correspondingly verified) email accounts of the same profile. Outlook should have the option of associating different "signature blocks" to different emails to associate different digital certificates to the respective verified email/account.
9 votes -
Simply enroll S/MIME certificates to users with 3rd Party Certificate Authority
Enrolling S/MIME certificates for email encryption/signing is such a pain. Could Microsoft team up with a 3rd Party CA like Thawte and easily enroll and configure this certificate to users in the organization? Microsoft should be able to configure the certificate in Outlook Client, Web Access and Outlook Apps without any user interaction required.
9 votes -
DKIM sign all internal e-mails
On a tenant with DKIM configured and enabled, using a domain with a configured DMARC policy, Microsoft does not DKIM sign the message.
This might seem fine to Microsoft, the message originates and terminates within their system, and to Microsoft there's no reason to enable features that allow other systems to verify the authenticity of those e-mails.
This ignores third party e-mail filters that hook in to O365 to catch phishing attempts. Phishing of internal e-mail domains would be the most difficult to catch for average users.
Another scenario not involving third party tech solutions is this that DMARC alignment…
7 votes -
OWA should respect message expiration rules
When an inbound rule causes content expiration (for example, message expires after 3 days), then the message is expired and no longer accessible in Outlook Desktop for Mac and Windows, BUT is still plainly visible in OWA with all content. OWA even shows a message saying "This message will expire on: <date in the past>" and still shows the full message and attachments. A huge gap in security, not sure how this even meets an MVP for this capability.
5 votes