Feedback by UserVoice

pauld

My feedback

  1. 615 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    26 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    pauld commented  · 

    Bump! Our users are clamoring for this feature. We recently enabled Bulk Mail Filtering, which dramatically increased the amount of mail landing in quarantine.

    Shared mailbox users do not currently have any way to check the shared mailboxes quarantine in real-time.

    Shared mailbox users currently have to wait for the quarantine notification email to be sent, at a minimum frequency of once per day.

    Please provide a method for shared mailbox users to inspect the quarantine of the shared mailbox, and release messages, as needed.

    pauld supported this idea  · 
  2. 8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    pauld commented  · 

    Excellent idea. We would very much like to be able to place mail in per-user quarantine via rule.

    pauld supported this idea  · 
  3. 33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    pauld commented  · 

    One way to implement this would be to put in a two-stage spam filtering logic. In the first stage, the spam scores would be generated, and associated headers added to the message. After the first stage process, transport rules would kick in. Transport rules would be able to inspect and modify the header. Finally, after transport rules finished processing, the second spam filter stage would execute, enforcing the spam and bulk mail policies.

    Proposed order of processing:

    1) Edge Block
    2) Malware
    3) Spam, phishing, and bulk mail scoring
    4) Transport Rules
    5) Spam, phishing, and bulk mail policy enforcement
    6) Deliver to mailbox

    pauld shared this idea  · 
  4. 115 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    pauld commented  · 

    Display Custom Safety Tip as a new Rule Action would be better yet. If one or more Safety Tips could be raised via a mail flow/transport rule, we could easily control when they were displayed.

    We could, for example, suppress Safety Tips if the message has an SCL of -1, or if the sender is on the recipients trusted senders and domains list.*

    *Actually, this capability is probably a feature request, in and of itself.

    pauld shared this idea  · 
  5. 459 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    pauld commented  · 

    Administrators can now delete messages from the hosted quarantine with PowerShell. See Get-QuarantinedMessage and Delete-QuarantinedMessage. Update status of request?

    pauld commented  · 

    Admin's need this ability like, yesterday! We are seeing phishing attacks land in the quarantine left and right, but once they are there, there is nothing we can do about it.

    We know there are bad messages in the quarantine.
    We know that a certain percentages of users will be taken by the scam, just the same, and release the message from the quarantine.
    We know that a certain percentages of those users, how released the phishing message from quarantine, will then fall for the phish.

    Alas, this happens all too often.

    As admins, we are currently powerless to help. We really need a way to purge known bad messages from the quarantine.

  6. 18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    pauld shared this idea  · 
  7. 199 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Office 365 Security & Compliance » Malware  ·  Flag idea as inappropriate…  ·  Admin →
    pauld commented  · 

    ZAP is very promising. Additional reporting would be great, particularly from an incident response (IR) perspective.

    Please consider also adding:

    1) *did the recipient open the attachment before the attachment was "zapped"*.
    2) when was the attachment zapped.
    3) what was the SHA1/SHA256 hash of the attachment
    4) was the attachment zapped from any other mailboxes?
    5) why was the attachment zapped
    6) if malware was identified, please tell us the name/family.
    7) a time delta, between message delivery and zap intervention, would be nifty, too.

    Lastly, the ability to customize the language in the replacement attachment might be helpful, too.

    pauld supported this idea  · 
  8. 20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Office 365 Security & Compliance  ·  Flag idea as inappropriate…  ·  Admin →
  9. 41 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    pauld supported this idea  · 
    pauld commented  · 

    Prefixing the URL with a long file name is problematic from an end-user education standpoint. We train users to inspect URLs before clicking on them. The long ATOP SafeLinks URLs are very unwieldy, particularly on mobile devices. Mobile phishing is becoming more and more of a problem.

    How about going with a shortened URL, and please, avoid the URL encoding (the browser will encode the link automatically, when the user clicks on it, IIRC). Here's a SafeLinks format that would be far easier to train to:

    https://atp.ms/?x=http://paypals.com/not-a-phish/reeally

  10. 9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    pauld commented  · 

    Agreed. The UX here doesn't work well, and his difficult to explain to end-users

Feedback and Knowledge Base