Feedback by UserVoice

Jesse Thompson

My feedback

  1. 14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    thinking about it  ·  3 comments  ·  Office 365 Suite Navigation Bar  ·  Flag idea as inappropriate…  ·  Admin →
    Jesse Thompson shared this idea  · 
  2. 193 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Microsoft 365 Groups  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Jesse Thompson commented  · 

    Based on the Admin response, I don't think Microsoft understands the problem being articulated.

  3. 29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Microsoft 365 Groups  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Jesse Thompson commented  · 

    This is my assumption. Given that distribution groups can't munge headers for DMARC compliance (similar to Mailman and Google Groups), Microsoft can't implement the feature to modify the subject because it would break DKIM signatures.

  4. 24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Microsoft 365 Groups  ·  Flag idea as inappropriate…  ·  Admin →
    Jesse Thompson shared this idea  · 
  5. 227 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Office 365 Admin » Exchange Admin  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Jesse Thompson commented  · 

    First, we need Microsoft to roll out the IP Skiplist so that DMARC actually works with hybrid ExO. I thought it was coming last summer. Please please please.

    Next, we need the entire internet to fix the forwarding issue (maybe ARC will work, but realistically we need MLMs to rewrite the From headers).

    Last, I agree that outright blocking messages that match an existing user's name is a shortsighted idea, but maybe surfacing it as a condition for an ETR rule would be helpful (so that the Subject can be tagged)

  6. 920 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    40 comments  ·  Microsoft 365 Groups  ·  Flag idea as inappropriate…  ·  Admin →
    Jesse Thompson supported this idea  · 
  7. 4,073 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    115 comments  ·  Microsoft 365 Groups  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks to everyone for your feedback and votes on this item. We’re working through a couple of options and hope to have more information shortly. It’s a very difficult problem to solve since group membership is consumed across many different aspects of Microsoft 365. Thanks for your patience and keep the feedback coming!

    Jesse Thompson supported this idea  · 
  8. 30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Office 365 Admin » Exchange Admin  ·  Flag idea as inappropriate…  ·  Admin →
    Jesse Thompson shared this idea  · 
  9. 21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Jesse Thompson commented  · 

    I think Revoke-SPOUserSession does that (more or less) well enough. The problem is that the SAML IdP session is still valid, so the SP (Office 365) will let the user log back in. What we need is the ability to suspend access to the Office 365 account during the time in which the attacker's IdP session may still be active.

  10. 1,490 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    56 comments  ·  Microsoft 365 Groups  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Jesse Thompson commented  · 

    Even if the group itself is not hidden, the members of a private group should be hidden.

    Jesse Thompson supported this idea  · 

Feedback and Knowledge Base