Feedback by UserVoice

Zeff Wheelock

My feedback

  1. 124 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    13 comments  ·  Office 365 Admin » Exchange Admin  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Zeff Wheelock commented  · 

    "This will be addressed in month or so. Information will be removed from cmdlet."

    Guess not. Been 2 years almost and still the same.

    An error occurred while saving the comment
    Zeff Wheelock commented  · 

    Good to hear! Thanks!

    Zeff Wheelock supported this idea  · 
  2. 568 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thank you for taking the time to submit this feedback. Since there are multiple pieces and layers of feedback in this single post, it makes it more difficult than many to address. First, let us share a little about what we’ve been doing. Since this post was made, we have prioritized performance and reliability improvements for both Message Trace (inside 7 days) and Historical Search (typically outside of 7 days). We’ve added details to Message Trace that weren’t there before, decreasing the need to run Historical Searches inside of 7 days. For Historical Search, we have improved the results to be more clear for those who are not familiar with the Exchange Message Tracking log format. Additionally, while we get the total value of Message Trace, we’ve also prioritized reducing the constant need to search & destroy. We’ve made tremendous strides in effectiveness, even as the bad guys got more…

    Zeff Wheelock supported this idea  · 
  3. 246 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    21 comments  ·  Office 365 Security & Compliance » Reports  ·  Flag idea as inappropriate…  ·  Admin →

    1. Click into “details”.
    2. Choose “connector report”.
    3. Choose “request report”.
    4. Answer the questions in the wizard, clicking “Next”, “Next”, and “Save”.
    5. Wait for the report to come to the email address specified. It will contain the following fields:
    message_id, direction, sender_address, recipient_address, connector_name, connector_type, tls_version, tls_cipher

    With the Message_Id value, you can combine this with MessageTrace to get the Subject.

    If this does not help, please provide more information as to the scenario and detail that is missing. Thank you for the feedback!

    Zeff Wheelock supported this idea  · 
  4. 166 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    15 comments  ·  Office 365 Admin » Exchange Admin  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Zeff Wheelock commented  · 

    This has been added in most part where you can audit for mailbox rule creation. Can this be marked as completed?

    An error occurred while saving the comment
    Zeff Wheelock commented  · 

    From the Secure Score in Office 365: "Review mailbox forwarding rules weekly" - You should review mailbox forwarding rules to external domains at least every week. There are several ways you can do this, including simply reviewing the list of mail forwarding rules to external domains on all of your mailboxes using a PowerShell script, or by ***reviewing mail forwarding rule creation activity in the last week from the Audit Log Search***. While there are lots of legitimate uses of mail forwarding rules to other locations, it is also a very popular data exfiltration tactic for attackers. You should review them regularly to ensure your users' email is not being exfiltrated.

    Seems they jumped the gun on that capability.

    Zeff Wheelock supported this idea  · 
  5. 427 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    16 comments  ·  Office 365 Admin  ·  Flag idea as inappropriate…  ·  Admin →
    Zeff Wheelock supported this idea  · 
  6. 230 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    Zeff Wheelock commented  · 

    I have an email transport rule. Apply This Rule If... The Recipient is located outside of the organization AND The message contains any of these sensitive information types... U.S. Social Security Number (SSN). Do the following: Encrypt the messages with the previous version of OME AND Notify the Sender with a policy tip: Notify the sender, but allow them to send. I am trying to add an exception Except If The Subject includes encrypt (or even message header Subjects includes encrypt). I get an error One of the conditions you specified can't be used for rules where you want to notify the sender. Error Details: The NotifySender action isn't compatible with 'Subject Contains' predicate. We want to notify our users when they do not secure an email correctly.

    Zeff Wheelock supported this idea  · 
  7. 72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    Zeff Wheelock supported this idea  · 
  8. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Office 365 Admin » Exchange Admin  ·  Flag idea as inappropriate…  ·  Admin →
    Zeff Wheelock shared this idea  · 

Feedback and Knowledge Base