Current Alert Policies need to be expanded upon to enable granular alerting on parts of a tenant, i.e. a subsite of Sharepoint Collection.

Our business requires that audit and alerting of Admin level access to subsites with sensitive information - such as HR. With this, it means that even admins will not be able to access restricted content without ringing the alarm bells.

To add to this, why on earth does Microsoft have a single global on/off switch for audit logging. This is not necessary as most organisations may only require audit logging of a smaller subset of data. This will reduce the overheads of storage, processing, performance, etc. when it comes to alert triggers, reporting, etc.

SharePoint 2016 introduces a new feature called Data Loss prevention (DLP).
Our organization would like to use this new feature, however after starting an evaluation process it came to our attention that SharePoint 2016 can only make use of predefined DLP Templates (10 Templates) all concerning US and UK PII data, social security numbers or financial data for these regions and that there is no way to build and import custom templates with custom data types as it is possible with Exchange 2013/2016 On premise or even O365 (https://technet.microsoft.com/en-us/library/jj674310(v=exchg.150).aspx)

For the DLP feature to be useful for European customers it would be very useful if Microsoft would extend this great capability so that we would be able to create and import templates specific to local and business requirements.

This would not only benefit our organization but will also help other EU customers storing data on SharePoint platforms to be compliant with EU regulations in this matter, or other specific organizational requirements depending on the sector where the organization resides.

There are situations where Word documents must comply strictly with a template (.dotx).

The administrator can include the correct template in a Content Type, but applying the Content Type does not override the original template used to create the document.

This makes it almost impossible to manage documents effectively. Each author has their own local Word template. Twenty authors could have 20 different templates, and potentially none of them being compliant.

SharePoint continues to show the original, local template as being attached, even when that template is on a local PC and not reachable by any user except the original author.

This is illogical and inefficient. It the Content Type specifies a template, that template must override the original document template. If I don’t care what template is used, I will not specify one in the Content Type.

Please at least make this an option: "Content Type template overrides original document template". But if this can’t be done, just make the Content Type template replace whatever template was used originally before the document was uploaded.

As a library administrator, my only option is to check out every document, apply the correct template locally, then check it back in. I should not have to do that!

After a security event at a sister company, we began looking at our own security posture in more detail. One thing that stood out in Cloud App Security logs was PowerPoint file downloads from our COO's OneDrive. The Cloud App Security entries showed the user as n/a but the json details showed it as "Teams Meeting Anonymous Participant". This meeting was internal employees only. The PowerPoint had sensitive information. We were concerned we had a security issue.

With MS' help, back-end logs showed that the COO was the user that had downloaded from his own OneDrive. He was presenting the PowerPoint in a Teams meeting at this time.

*English follows Japanese

■Title(件名)：
権限操作のログを取得する機能を実装してほしい。
Add a way to get permission action logs

■Description(内容):
監査ログの機能にて、アイテムの操作に関するログを取得することが可能です。
しかしながら権限の操作に関するログを取得することができず、意図せず権限が付与された、または抜け落ちてしまった場合に、いつ・誰によって・なぜ権限が変更されてしまったのかを調査することができない現状です。
お客様におかれましては、多数のユーザーに対して権限を付与したアイテムを数日後に確認したところ、付与したうちの複数のユーザーの権限が外れている状況です。
手動にて権限を改めて付与していただいたのち、現在に至るまで事象の再発は確認されておりませんが、このような事象が発生してしまった明確なタイミングや原因が不明なままであるため、今後同じ事象が発生してしまう懸念をしております。
権限操作のログ取得が可能であれば事象の原因究明が進み、再発防止に繋がる可能性が高いため、本機能の実装を強く望みます。

In the audit logs, it is possible to get logs of actions carried out on items.
However, there is no way to get logs of permission actions, so if permissions are granted or removed unintentionally, there is no way to investigate who did it, when or why.
Our customer has found that after granting several users permissions for an item, checking back a few days later shows that some of the users do not have them assigned.
After manually reassigning the permissions, there was no way to find why this happened, or the exact timing of the issue. Therefore, they have concerns that it could happen again in future.
If it was possible to get logs of permission actions, it would be possible to investigate the cause of this issue, which would probably allow it to be prevented from happening again, so please make it possible to get these logs.