Feedback by UserVoice

Zeff Wheelock

My feedback

  1. 512 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thank you for taking the time to submit this feedback. Since there are multiple pieces and layers of feedback in this single post, it makes it more difficult than many to address. First, let us share a little about what we’ve been doing. Since this post was made, we have prioritized performance and reliability improvements for both Message Trace (inside 7 days) and Historical Search (typically outside of 7 days). We’ve added details to Message Trace that weren’t there before, decreasing the need to run Historical Searches inside of 7 days. For Historical Search, we have improved the results to be more clear for those who are not familiar with the Exchange Message Tracking log format. Additionally, while we get the total value of Message Trace, we’ve also prioritized reducing the constant need to search & destroy. We’ve made tremendous strides in effectiveness, even as the bad guys got more…

    Zeff Wheelock supported this idea  · 
  2. 234 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    17 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →

    1. Click into “details”.
    2. Choose “connector report”.
    3. Choose “request report”.
    4. Answer the questions in the wizard, clicking “Next”, “Next”, and “Save”.
    5. Wait for the report to come to the email address specified. It will contain the following fields:
    message_id, direction, sender_address, recipient_address, connector_name, connector_type, tls_version, tls_cipher

    With the Message_Id value, you can combine this with MessageTrace to get the Subject.

    If this does not help, please provide more information as to the scenario and detail that is missing. Thank you for the feedback!

    Zeff Wheelock supported this idea  · 
  3. 69 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Office 365 Admin » Exchange Admin  ·  Flag idea as inappropriate…  ·  Admin →
    Zeff Wheelock commented  · 

    Good to hear! Thanks!

    Zeff Wheelock supported this idea  · 
  4. 160 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    14 comments  ·  Office 365 Admin » Exchange Admin  ·  Flag idea as inappropriate…  ·  Admin →
    Zeff Wheelock commented  · 

    This has been added in most part where you can audit for mailbox rule creation. Can this be marked as completed?

    Zeff Wheelock commented  · 

    From the Secure Score in Office 365: "Review mailbox forwarding rules weekly" - You should review mailbox forwarding rules to external domains at least every week. There are several ways you can do this, including simply reviewing the list of mail forwarding rules to external domains on all of your mailboxes using a PowerShell script, or by ***reviewing mail forwarding rule creation activity in the last week from the Audit Log Search***. While there are lots of legitimate uses of mail forwarding rules to other locations, it is also a very popular data exfiltration tactic for attackers. You should review them regularly to ensure your users' email is not being exfiltrated.

    Seems they jumped the gun on that capability.

    Zeff Wheelock supported this idea  · 
  5. 220 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Office 365 Admin  ·  Flag idea as inappropriate…  ·  Admin →
    Zeff Wheelock supported this idea  · 
  6. 447 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Zeff Wheelock commented  · 

    I have an email transport rule. Apply This Rule If... The Recipient is located outside of the organization AND The message contains any of these sensitive information types... U.S. Social Security Number (SSN). Do the following: Encrypt the messages with the previous version of OME AND Notify the Sender with a policy tip: Notify the sender, but allow them to send. I am trying to add an exception Except If The Subject includes encrypt (or even message header Subjects includes encrypt). I get an error One of the conditions you specified can't be used for rules where you want to notify the sender. Error Details: The NotifySender action isn't compatible with 'Subject Contains' predicate. We want to notify our users when they do not secure an email correctly.

    Zeff Wheelock supported this idea  · 
  7. 72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    Zeff Wheelock supported this idea  · 
  8. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Office 365 Admin » Exchange Admin  ·  Flag idea as inappropriate…  ·  Admin →
    Zeff Wheelock shared this idea  · 

Feedback and Knowledge Base