Feedback by UserVoice

Scott Carlow

My feedback

  1. 3,155 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    60 comments  ·  Office 365 Admin  ·  Flag idea as inappropriate…  ·  Admin →
    Scott Carlow supported this idea  · 
  2. 3,846 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    160 comments  ·  Office 365 Admin  ·  Flag idea as inappropriate…  ·  Admin →
    Scott Carlow supported this idea  · 
  3. 3,090 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    108 comments  ·  Office 365 Admin » Exchange Admin  ·  Flag idea as inappropriate…  ·  Admin →
    Scott Carlow supported this idea  · 
  4. 3,504 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    196 comments  ·  Office 365 Security & Compliance  ·  Flag idea as inappropriate…  ·  Admin →

    Azure Active Directory Conditional Access has functionality for “Countries/Regions” – see https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

    That said, the most effective protection you can have against password spray attacks is to enable MFA and disable basic authentication. If you cannot do this for your entire organization, then blocking user access to legacy protocols like POP, EWS, IMAP and SMTP is another step you can take. Exchange Online Client Access Rules can help you to further customize (https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules). For additional recommendations, please see Office 365 Secure Score.

    That said, please know that we are listening to feedback and working on solutions to help make Office 365 users more secure. Thank you for the feedback.

    An error occurred while saving the comment
    Scott Carlow commented  · 

    This should absolutely be considered a basic security setting. Conditional Access policies, and the licensing that ability comes with, shouldn't be necessary to outright deny auth attempts from certain geographical regions.

    Scott Carlow supported this idea  · 
  5. 6,310 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    165 comments  ·  Office 365 Admin » Exchange Admin  ·  Flag idea as inappropriate…  ·  Admin →

    We announced at Ignite that we are actively working on bringing dynamic plus aliases to Office 365.
    To get around existing usage, the plan is for an opt-in setting. Our ETA is to have this available for all customers by the third quarter of 2020.
    I will keep you updated in Uservoice on our progress.

    An error occurred while saving the comment
    Scott Carlow commented  · 

    A bit late, but to the person who asked this:

    "The E-mail standard says that comments can be included by surrounding them in () at the beginning or end of the local part. Example:

    someAddy(someComment)@foo.com

    - or -

    (someComment)someaddy@foo.com

    Has anyone tried this with 365?"

    You are referencing RFC822, which was made obsolete be RFC2822. "Comments" are referring to things like the friendly name of a person or system name, and that syntax was replaced with addr-spec (e.g. [Comment or folding whitespace] "<"local@domain">". So in any case, this is not subaddressing, but addressing syntax.

    That said, It's mind boggling that outlook.com implements this but not Office 365. While 365 accepts messages from addresses that use subaddressing and you can add subaddresses to mailboxes via Powershell and ECP, the implementation is quite poor especially when compared to their own *consumer* product. I am extremely surprised that Business and Enterprise clients even need to ask for this.

    Scott Carlow supported this idea  · 
  6. 82 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    Scott Carlow supported this idea  · 

Feedback and Knowledge Base