Feedback by UserVoice

Douglas Plumley

My feedback

  1. 378 votes

    Thanks for taking the time to provide this feedback. We’ve updated the TechNet documentation (https://technet.microsoft.com/library/mt842508(v=exchg.150).aspx) to clear up confusion around which authentication type and protocol combinations are supported in CARs. Expanding support for more combinations could prevent bad actors with valid credentials from accessing mailbox content, but it wouldn’t help with scenarios like password spray attacks or malicious lockout attempts because CARs are evaluated post-authentication. There’s work underway on a solution that covers a broader array of basic authentication scenarios – we’ll share more details as soon as possible. In the interim, this blog post (https://cloudblogs.microsoft.com/enterprisemobility/2018/03/05/azure-ad-and-adfs-best-practices-defending-against-password-spray-attacks/) outlines the recommended approach for forcing multi-factor authentication when using AAD and ADFS.

    Douglas Plumley commented  · 

    Can you add SMTP to the "Authentication types and protocols" list as well please?

    Douglas Plumley commented  · 

    Supporting restrictions on the SMTP protocol is a must as well.

    Douglas Plumley supported this idea  · 
  2. 308 votes
    23 comments  ·  General
  3. 703 votes
    24 comments  ·  General
    Douglas Plumley supported this idea  · 
  4. 705 votes
    9 comments  ·  General
  5. 13 votes
    0 comments  ·  General
  6. 133 votes
    6 comments  ·  Office 365 Security & Compliance
  7. 380 votes
    14 comments  ·  Office 365 Groups
    Douglas Plumley supported this idea  · 
  8. 615 votes

    Added to the roadmap (https://products.office.com/en-us/business/office-365-roadmap) for tracking. As mentioned earlier, we’re also looking very seriously at Authenticated Received Chain, which is in draft, but has good momentum for adoption. We hope to report back soon on that as well.

    If you’re interested in signing your tenant up early to help us test this out, be sure to give us your email address so you can receive an invitation when we’re ready!

    Douglas Plumley commented  · 

    Hi All,

    SPF SRS was posted to the public roadmap yesterday, looks like we are getting closer!

    https://products.office.com/en-US/business/office-365-roadmap?filters=&freeformsearch=sender#abc

    Douglas Plumley shared this idea  · 
  9. 4 votes
    Douglas Plumley shared this idea  · 
  10. 2,463 votes
    tell us more  ·  113 comments  ·  Office 365 Groups
    Douglas Plumley supported this idea  · 
  11. 19 votes
    3 comments  ·  Microsoft Connections email marketing
    Douglas Plumley commented  · 

    Yep! Could definitely see this being used in education, today we have to refer people to MailChimp.

    Douglas Plumley supported this idea  · 
  12. 111 votes
    Douglas Plumley commented  · 

    It would be great if we could utilize labels in Azure AD conditional access policies as well, this would allow us to require MFA when a user is accessing sensitive content.

    Douglas Plumley shared this idea  · 
  13. 113 votes
    3 comments  ·  Office 365 Security & Compliance » eDiscovery
    Douglas Plumley commented  · 

    This sounds like a bug, you might open this with MS Premier Support and address it with them.

  14. 16 votes
    0 comments  ·  General
    Douglas Plumley shared this idea  · 
  15. 441 votes

    Thank you for taking the time to submit this feedback. Since there are multiple pieces and layers of feedback in this single post, it makes it more difficult than many to address. First, let us share a little about what we’ve been doing. Since this post was made, we have prioritized performance and reliability improvements for both Message Trace (inside 7 days) and Historical Search (typically outside of 7 days). We’ve added details to Message Trace that weren’t there before, decreasing the need to run Historical Searches inside of 7 days. For Historical Search, we have improved the results to be more clear for those who are not familiar with the Exchange Message Tracking log format. Additionally, while we get the total value of Message Trace, we’ve also prioritized reducing the constant need to search & destroy. We’ve made tremendous strides in effectiveness, even as the bad guys got more…

    Douglas Plumley commented  · 

    Glad to hear you are considering improving subject based searching. The only solution we have today is to dump all our message traces to file/memory and then search by subject over that. From a load perspective that means we might be dumping several hundred thousand messages just to find one message.

    It's an unnecessary, hugely inefficient load on your infrastructure and a lot of time wasted for us.

    Douglas Plumley supported this idea  · 
    Douglas Plumley commented  · 

    Search by subject and direction (inbound/outbound) would be really helpful.

  16. 16 votes
    1 comment  ·  Office 365 Groups
  17. 41 votes
    Douglas Plumley shared this idea  · 
  18. 56 votes
    thinking about it  ·  1 comment  ·  Office 365 Security & Compliance » Malware
    Douglas Plumley supported this idea  · 
  19. 18 votes
    Douglas Plumley commented  · 

    Why couldn't you just take the value of the TXT record the CNAME points to and implement it as a TXT record you host? The challenge here is when keys are rotated you will have to manually update the TXT record.

    The CNAME is convenient, several other SMTP services use the same method.

  20. 179 votes
    6 comments  ·  Office 365 Security & Compliance » Malware
    Douglas Plumley commented  · 

    The lack of information & reporting available for ZAP is frustrating, makes the product all but useless.
