💡 Our Technical Review in summary
Summary
- New Feature Expansion: Microsoft is extending the ability to report suspicious Teams messages to organizations with Microsoft Defender for Office 365 Plan 1. This feature was previously restricted to Plan 2.
- Scope: Users will be able to report potential phishing, malware, or spam within internal and external Teams chats, channels, and meeting chats.
- Timeline: The rollout is scheduled to begin and complete in mid-February 2026.
- Functionality: Users can report messages as either a “security risk” (malicious) or “not a security risk” (false positives).
Impact
- For Users: A new reporting interface will appear in Microsoft Teams, allowing users to flag suspicious content directly to the security team.
- For Security Admins: Reported messages will be centralized in the User reported page within the Microsoft Defender portal. This provides better visibility into threats originating in Teams rather than just email.
- Administrative Control: This feature is opt-in. It respects existing “User reported” settings in the Defender portal. If reporting is enabled, Teams admin center toggles will automatically activate to support this workflow.
- Threat Intelligence: Signals from user reports will be integrated into Defender’s detection engine to improve automated protection across the tenant.
Action Required
- Review Configuration: Navigate to the Microsoft Defender portal and review your User reported settings to ensure they align with your organizational policy.
- Define Reporting Destination: Decide whether user-reported messages should be sent to Microsoft, a custom security mailbox, or both.
- User Training: Update internal training materials to show users how to identify and report suspicious Teams messages. Clarify the difference between reporting a security risk versus a standard “ignore” or “delete” action.
- Documentation: Update internal IT helpdesk documentation to include procedures for investigating reported Teams content in the Defender portal.
- Monitoring: Post-deployment in February 2026, monitor the Defender portal for an influx of reports as users begin utilizing the new feature.
Microsoft Official Update
Service: N/A
Category: stayInformed
Severity: normal
[Introduction]
We’re expanding the ability for users to report suspicious Microsoft Teams messages to customers with Microsoft Defender for Office 365 Plan 1. Previously available only to Plan 2, this update helps security teams identify and investigate potential phishing, malware, and spam across internal and external Teams chats, channels, and meeting chats. This enhancement strengthens protection by incorporating user-reported signals into existing Defender detections.
Users will be able to report messages in two ways:
- Report as security risk — for messages suspected to contain phishing, malware, or other malicious content.
- Report as not a security risk — for messages that were incorrectly identified as threats (false positives).
This message is associated with Microsoft 365 Roadmap ID 531760.
[When this will happen]
General Availability (Worldwide): Rollout begins in mid-February 2026 and is expected to complete in mid-February 2026.
[How this affects your organization]
Who is affected:
- Microsoft 365 tenants using Microsoft Defender for Office 365 Plan 1
- Users across Microsoft Teams
- Security admins reviewing reported messages
What will happen:
- Users will see options to report messages as security risks or not security risks.
- Reports will appear on the User reported page in the Defender portal and/or your configured mailbox.
- This feature is opt-in and respects your existing User reported settings.
- Teams admin center toggles for reporting will be automatically enabled when User reported settings are turned on.
[What you can do to prepare]
- Enable and configure User reported settings in the Defender portal.
- Review message reported destination preferences for reported messages.
- Communicate reporting guidance to users.
- Review supporting documentation.
- Update internal documentation as needed.
Learn more:
- How your submissions to Defender for Office 365 are processed behind-the-scenes | Microsoft Defender for Office 365 Blog
- Turn off or turn on user reporting of Teams messages in the Defender portal | Microsoft Learn
- User reported message settings in Microsoft Teams | Microsoft Defender for Office 365 | Microsoft Learn
[Compliance considerations]
No compliance considerations identified. Review as appropriate for your organization.
