💡 Our Technical Review in summary
Summary
- Microsoft is introducing a new Protection reports section within the Teams admin center (TAC) under the “Analytics & reports” menu.
- This feature centralizes visibility into security signals reported by end-users, covering suspicious calls, chats, and channel messages.
- The rollout is split into two phases: Phase 1 (User-reported calls) begins mid-March 2026, and Phase 2 (User-reported chats and channels) will follow at a later date.
- The update aims to strengthen organizational security posture by allowing admins to review, investigate, and export user-submitted security data.
Impact
- Administrative Visibility: Admins gain a unified dashboard to monitor security threats identified by users. Data can be viewed in 1-day, 7-day, and 30-day windows.
- Data Management: Admins will have the ability to export report data for external analysis or documentation purposes.
- Compliance and Storage: This change involves the storage of new customer data (the reports themselves) and alters how admins access existing interaction data for investigation.
- Prerequisites: The visibility of these reports in the TAC is strictly dependent on end-user reporting features being enabled in Calling and Messaging policies.
Action Required
- Enable Reporting Policies: To ensure data populates when the feature arrives, verify that “Report a call” is enabled in Calling settings and “Report a security concern/incorrect detection” is enabled in Messaging settings within the TAC.
- Update Documentation: Revise internal helpdesk workflows and IT support documentation to include procedures for reviewing these new security signals.
- User Training: If necessary, update end-user training materials to encourage reporting of suspicious interactions, as this data will now be directly actionable by the IT security team.
- Monitor Timeline: Watch for future updates regarding Phase 2, which will integrate message-level reporting into the same Protection reports dashboard.
Microsoft Official Update
Service: N/A
Category: stayInformed
Severity: normal
[Introduction]
As part of our ongoing protection investments in Microsoft Teams, we will continue expanding the ways users can report suspicious or incorrect activity. Users can already report security concerns and incorrect detections in chats and channels (MC1037768, MC1147984), and more recently in calls (MC1223828). These user‑submitted reports help identify potential malicious activity and strengthen your organization’s security posture.
Building on this foundation, we will introduce new capabilities that allow Teams administrators to review and export user‑reported security submissions directly in the Teams admin center. A new Protection reports section will be added under Analytics and reports, giving admins unified visibility into user‑reported calls, chats, and channels.
This message relates to Microsoft 365 Roadmap ID 536571.
[When this will happen]
Phase 1 – User‑reported call data
- Targeted Release: Rollout will begin in mid‑March 2026 and complete in late March 2026.
- General Availability (Worldwide): Rollout will begin in mid‑April 2026 and complete in late April 2026.
Phase 2 – User‑reported chats and channels
- This phase will add message‑level reporting for security concerns and incorrect detections.
- The timeline will be communicated in a future update to this Message center post.
[How this affects your organization]
Who is affected: Teams administrators who have access to Analytics and reports in the Teams admin center.
What will happen:
- A new Protection reports section will appear under Teams admin center > Analytics & reports:
- Admins will be able to view and export data about user‑submitted security reports for calls (Phase 1) and later chats and channels (Phase 2).
- Reported interactions will begin populating once users submit reports.
- Admins will be able to review reported calls or messages and take appropriate action.
- Admins will be able to view 1‑day, 7‑day, and 30‑day reporting windows.
- This feature will require that user reporting settings be enabled in the Teams admin center.
[What you can do to prepare]
To ensure reporting data is available when rollout begins, verify that end‑user reporting features are enabled:
- Enable Report a call: Teams admin center > Calling settings
- Enable Report a security concern and Report incorrect detection: Teams admin center > Messaging settings
- Once enabled and users begin submitting reports, access data at: Teams admin center > Analytics & reports > Protection reports > User‑reported security submission
- Update internal documentation if your helpdesk relies on reporting workflows.
- If you maintain training or onboarding materials about Teams security practices, consider adding guidance on how users can report suspicious interactions.
[Compliance considerations]
| Question | Answer |
| Does the change store new customer data, if so, where, and is the data cached or permanently stored? | Yes. This change stores new customer data because user‑submitted security reports for calls, chats, and channels are collected and made available in the Teams admin center for administrative review. |
| Does the change alter how existing customer data is processed, stored, or accessed? | Yes. This change alters how existing customer data is accessed because it surfaces reported calls, messages, and detections to Teams administrators for investigation within the new Protection reports area. |
| Does the change alter how admins can monitor, report on, or demonstrate compliance activities? | Yes. This change adds new monitoring and reporting capabilities by providing a dedicated Protection reports section where admins can view and export user‑reported security submissions. |
