Feedback by UserVoice

Douglas Plumley

My feedback

  1. 394 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for taking the time to provide this feedback. We’ve updated the TechNet documentation (https://technet.microsoft.com/library/mt842508(v=exchg.150).aspx) to clear up confusion around which authentication type and protocol combinations are supported in CARs. Expanding support for more combinations could prevent bad actors with valid credentials from accessing mailbox content, but it wouldn’t help with scenarios like password spray attacks or malicious lockout attempts because CARs are evaluated post-authentication. There’s work underway on a solution that covers a broader array of basic authentication scenarios – we’ll share more details as soon as possible. In the interim, this blogpost (https://cloudblogs.microsoft.com/enterprisemobility/2018/03/05/azure-ad-and-adfs-best-practices-defending-against-password-spray-attacks/) outlines the recommended approach for forcing multi-factor authentication when using AAD and ADFS.

    An error occurred while saving the comment
    Douglas Plumley commented  · 

    Can you add SMTP to the "Authentication types and protocols" list as well please?

    An error occurred while saving the comment
    Douglas Plumley commented  · 

    Supporting restrictions on the SMTP protocol is a must as well.

    Douglas Plumley supported this idea  · 
  2. 330 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    23 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  3. 6,453 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    174 comments  ·  Office 365 Admin » Exchange Admin  ·  Flag idea as inappropriate…  ·  Admin →
    Douglas Plumley supported this idea  · 
  4. 293 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Office 365 Suite Navigation Bar  ·  Flag idea as inappropriate…  ·  Admin →
  5. 13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  6. 138 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Office 365 Security & Compliance  ·  Flag idea as inappropriate…  ·  Admin →
  7. 378 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    14 comments  ·  Office 365 Groups  ·  Flag idea as inappropriate…  ·  Admin →
    Douglas Plumley supported this idea  · 
  8. 4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Douglas Plumley shared this idea  · 
  9. 3,281 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    153 comments  ·  Office 365 Groups  ·  Flag idea as inappropriate…  ·  Admin →
    Douglas Plumley supported this idea  · 
  10. 20 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Microsoft Connections email marketing  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Douglas Plumley commented  · 

    Yep! Could definitely see this being used in education, today we have to refer people to MailChimp.

    Douglas Plumley supported this idea  · 
  11. 70 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    Douglas Plumley commented  · 

    It would be great if we could utilize labels in Azure AD conditional access policies as well, this would allow us to require MFA when a user is accessing sensitive content.

    Douglas Plumley shared this idea  · 
  12. 19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    Douglas Plumley shared this idea  · 
  13. 559 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thank you for taking the time to submit this feedback. Since there are multiple pieces and layers of feedback in this single post, it makes it more difficult than many to address. First, let us share a little about what we’ve been doing. Since this post was made, we have prioritized performance and reliability improvements for both Message Trace (inside 7 days) and Historical Search (typically outside of 7 days). We’ve added details to Message Trace that weren’t there before, decreasing the need to run Historical Searches inside of 7 days. For Historical Search, we have improved the results to be more clear for those who are not familiar with the Exchange Message Tracking log format. Additionally, while we get the total value of Message Trace, we’ve also prioritized reducing the constant need to search & destroy. We’ve made tremendous strides in effectiveness, even as the bad guys got more…

    An error occurred while saving the comment
    Douglas Plumley commented  · 

    Glad to hear you are considering improving subject based searching. The only solution we have today is to dump all our message traces to file/memory and then search by subject over that. From a load perspective that means we might be dumping several hundred thousand messages just to find one message.

    It's an unnecessary, hugely inefficient load on your infrastructure and a lot of time wasted for us.

    Douglas Plumley supported this idea  · 
    An error occurred while saving the comment
    Douglas Plumley commented  · 

    Search by subject and direction (inbound/outbound) would be really helpful.

  14. 16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Office 365 Groups  ·  Flag idea as inappropriate…  ·  Admin →
  15. 44 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Douglas Plumley shared this idea  · 
  16. 61 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Douglas Plumley supported this idea  · 
  17. 18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    An error occurred while saving the comment
    Douglas Plumley commented  · 

    Why couldn't you just take the value of the TXT record the CNAME points to and implement it as a TXT record you host? The challenge here is when keys are rotated you will have to manually update the TXT record.

    The CNAME is convenient, several other SMTP services use the same method.

  18. 208 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Office 365 Security & Compliance » Malware  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Douglas Plumley commented  · 

    The lack of information & reporting available for ZAP is frustrating, makes the product all but useless.

  19. 211 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    14 comments  ·  Office 365 Security & Compliance » Malware  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Douglas Plumley commented  · 

    I second this, not being able to wild card your root domain is super frustrating.

  20. 30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Office 365 Security & Compliance  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Douglas Plumley commented  · 

    If this is a plaintext email I think it's expected to see ATP rewrite the text/hyperlink as they aren't separate like with a HTML message.

← Previous 1

Feedback and Knowledge Base