1,504 votes116 comments · Office 365 Security & Compliance » Spam & Phishing · Flag idea as inappropriate… · Admin →
We are working on customizable limits, but we have no ETA at this time. Thank you for the feedback.
This is now on the Microsoft 365 Roadmap, due in Q1 2020. https://www.microsoft.com/en-us/microsoft-365/roadmap?SilentAuth=1&rtc=1&filters=&searchterms=55025
9,009 votesMichael supported this idea ·
In Matthew's comment, it is unclear whether "renaming the Office 365 Tenant" and "changing the SharePoint domain URL" are the same thing. They might be, but the change in terminology between the problem and proposed solution is interesting.
Microsoft gave an answer to this question in March 2019 on SharePoint UserVoice (at https://sharepoint.uservoice.com/forums/329214-sites-and-collaboration/suggestions/13217277-enable-renaming-the-site-collection-urls). The update says: "Thanks for your feedback! Just a note to let you know that we’re building your suggestion now. We plan to increase availability to this feature throughout 2019.
Corporate lifecycle is a real and constant pressure in business, often resulting in a need to rename the Office 365 Tenant. To that end we are working on the solution to change the SharePoint domain URL (contoso.sharepoint.com renamed to fabrikam.sharepoint.com). This capability will also then enable the renaming of an individual site collection (contoso.sharepoint.com/sites/abc to contoso.sharepoint.com/sites/xyz).
While we don’t have an estimated delivery date to share at this time, we’ll update your suggestion with details as they become available.
438 votes16 comments · Office 365 Security & Compliance » DLP & Transport Rules · Flag idea as inappropriate… · Admin →
Josh - can you achieve your stated outcome by just auto-encrypting the outbound message if it matches your conditions? Above you want to block the message and advise the sender unless it is encrypted.
Do you have access to Office 365 Cloud App Security in E5? This has the capabilities you are seeking, although it is on a higher priced plan.
My thought: if the domain is trusted implicitly because it is in Office 365, then there is no protection against compromised user accounts in an Office 365 tenant. With so many phishing emails aiming to get Office 365 account credentials, there has to be something running across the service to gauge the current validity of each message.
There is an anti-malware policy configuration that is separate to the custom anti-spam policy. Does this not give you what you are looking for?
Can you confirm that the user did actually log in this many times (ask him or her)? Or is there any additional evidence of a brute force attack or some other security incident unfolding?
Can you please confirm that you created the roles in the Security & Compliance Center or in the Exchange Admin Center? This page says that the "View-Only Audit Logs" and "Audit Logs" role must be assigned in the Exchange Admin Center in order to get access to the Audit Logs; they can't be created in the S&CC.
I may have mis-understood your question ;-)