Douglas Plumley

My feedback

  1. 403 votes

    Thanks for taking the time to provide this feedback. We’ve updated the TechNet documentation (https://technet.microsoft.com/library/mt842508(v=exchg.150).aspx) to clear up confusion around which authentication type and protocol combinations are supported in CARs. Expanding support for more combinations could prevent bad actors with valid credentials from accessing mailbox content, but it wouldn’t help with scenarios like password spray attacks or malicious lockout attempts because CARs are evaluated post-authentication. There’s work underway on a solution that covers a broader array of basic authentication scenarios – we’ll share more details as soon as possible. In the interim, this blogpost (https://cloudblogs.microsoft.com/enterprisemobility/2018/03/05/azure-ad-and-adfs-best-practices-defending-against-password-spray-attacks/) outlines the recommended approach for forcing multi-factor authentication when using AAD and ADFS.

    Douglas Plumley commented  · 

    Can you add SMTP to the "Authentication types and protocols" list as well please?

    Douglas Plumley commented  · 

    Supporting restrictions on the SMTP protocol is a must as well.

    Douglas Plumley supported this idea  · 
  2. 330 votes
    23 comments  ·  General
  3. 293 votes
    11 comments  ·  Office 365 Suite Navigation Bar
  4. 13 votes
    0 comments  ·  General
  5. 138 votes
    7 comments  ·  Office 365 Security & Compliance
  6. 4 votes
    Douglas Plumley shared this idea  · 
  7. 4,293 votes
    193 comments  ·  Microsoft 365 Groups

    Hi! As we announced during Ignite this year, we are releasing an open source tool by the end of the year that can be used to pull in one or more security groups (nested or not) into the membership of large Microsoft 365 Groups. The membership will be pulled in as a flat list and kept in sync with the security group membership. Having Azure subscriptions is a pre-requisite to using this tool. If you have an urgent and immediate need for the tool, please reach out to GMMSupport@service.microsoft.com for a download link. Microsoft is releasing the tool without support, other than answering questions about how we use it internally. Link to the demo video: https://aka.ms/Admin1011

    Douglas Plumley supported this idea  · 
  8. 20 votes
    3 comments  ·  Microsoft Connections email marketing
    Douglas Plumley commented  · 

    Yep! Could definitely see this being used in education, today we have to refer people to MailChimp.

    Douglas Plumley supported this idea  · 
  9. 109 votes
    Douglas Plumley commented  · 

    It would be great if we could utilize labels in Azure AD conditional access policies as well, this would allow us to require MFA when a user is accessing sensitive content.

    Douglas Plumley commented  · 

    Recently classification labels were introduced in the Security & Compliance Center to help with retention of certain types of data classifications.

    We also have Azure Information Protection sensitivity labels (personal, public, internal, confidential, secret).

    DLP sensitive information types are good, but it would be even better if we could simply label groups of data as sensitive and apply DLP vs. trying to determine they are sensitive via the DLP sensitive information types. This would remove the complexity of trying to create custom sensitive information types when the out of the box types don't meet your needs.

    Douglas Plumley supported this idea  · 
  10. 22 votes
    1 comment  ·  General
    Douglas Plumley shared this idea  · 
  11. 604 votes

    Thank you for taking the time to submit this feedback. Since there are multiple pieces and layers of feedback in this single post, it makes it more difficult than many to address. First, let us share a little about what we’ve been doing. Since this post was made, we have prioritized performance and reliability improvements for both Message Trace (inside 7 days) and Historical Search (typically outside of 7 days). We’ve added details to Message Trace that weren’t there before, decreasing the need to run Historical Searches inside of 7 days. For Historical Search, we have improved the results to be more clear for those who are not familiar with the Exchange Message Tracking log format. Additionally, while we get the total value of Message Trace, we’ve also prioritized reducing the constant need to search & destroy. We’ve made tremendous strides in effectiveness, even as the bad guys got more…

    Douglas Plumley commented  · 

    Glad to hear you are considering improving subject based searching. The only solution we have today is to dump all our message traces to file/memory and then search by subject over that. From a load perspective that means we might be dumping several hundred thousand messages just to find one message.

    It's an unnecessary, hugely inefficient load on your infrastructure and a lot of time wasted for us.

    Douglas Plumley supported this idea  · 
    Douglas Plumley commented  · 

    Search by subject and direction (inbound/outbound) would be really helpful.

  12. 16 votes
    1 comment  ·  Microsoft 365 Groups
  13. 47 votes
    Douglas Plumley shared this idea  · 
  14. 61 votes
    Douglas Plumley supported this idea  · 
  15. 18 votes
    Douglas Plumley commented  · 

    Why couldn't you just take the value of the TXT record the CNAME points to and implement it as a TXT record you host? The challenge here is when keys are rotated you will have to manually update the TXT record.

    The CNAME is convenient, several other SMTP services use the same method.

  16. 210 votes
    8 comments  ·  Office 365 Security & Compliance » Malware
    Douglas Plumley commented  · 

    The lack of information & reporting available for ZAP is frustrating, makes the product all but useless.

  17. 221 votes
    14 comments  ·  Office 365 Security & Compliance » Malware
    Douglas Plumley commented  · 

    I second this, not being able to wildcard your root domain is super frustrating.

  18. 33 votes
    3 comments  ·  Office 365 Security & Compliance
    Douglas Plumley commented  · 

    If this is a plaintext email I think it's expected to see ATP rewrite the text/hyperlink as they aren't separate like with an HTML message.

  19. 165 votes
    9 comments  ·  Office 365 Admin
    Douglas Plumley supported this idea  · 
