💡 Our Technical Review in summary
Summary
- Microsoft is introducing the External domains anomalies report for Microsoft Teams to help administrators identify risky or unusual communication patterns with external organizations.
- The report analyzes cross-tenant interactions and highlights sudden spikes in activity, such as an abnormal number of new 1:1 or group chat threads initiated by external domains.
- This feature is tracked under Microsoft 365 Roadmap ID 536572 and is scheduled for rollout between early March 2026 and mid-March 2026.
Impact
- Administrative Visibility: Teams Administrators will gain access to a new reporting interface under Protection reports > Communication anomalies in the Teams Admin Center.
- Security Insights: The report provides granular data on external domains, including the total number of anomalies detected and the volume of new 1:1 and group threads created by those domains.
- Direct Mitigation: Admins will have the ability to immediately block problematic external domains directly from the report interface to prevent further unauthorized or risky engagement.
- Proactive Monitoring: Organizations can shift from reactive review to proactive defense by enabling daily automated alerts that summarize the top five domains exhibiting unusual activity.
Action Required
- No initial action is required for the report to appear in the Teams Admin Center; it will be available by default upon rollout.
- Configure Alerts: To receive proactive notifications, navigate to Notifications & alerts > Rules in the Teams Admin Center, select External domains anomalies, and set the status to Active.
- Notification Routing: It is recommended to specify a dedicated Microsoft Teams channel for these alerts to ensure the relevant security or IT staff are notified of daily summaries.
- Update Documentation: Review and update internal SOPs regarding external collaboration and domain blocking to include the use of this new report in your security audit workflow.
Microsoft Official Update
Service: N/A
Category: stayInformed
Severity: normal
Updated January 29, 2026: We have updated the timeline. Thank you for your patience.
[Introduction]
To help admins detect unusual or potentially risky interactions with external organizations, Microsoft Teams is introducing the External domains anomalies report. This report analyzes cross-tenant communication patterns for your tenant and highlights sudden spikes or abnormal engagement activity. These insights support proactive investigation and help protect your organization while enabling secure external collaboration.
This message is associated with Microsoft 365 Roadmap ID 536572.
[When this will happen]
- General Availability (Worldwide): Rolling out in early March 2026 (previously late February) and expected to complete in mid-March 2026.
[How this affects your organization]
Who is affected:
- Teams administrators can view this report for their Microsoft 365 tenant if their organization collaborates with external organizations.
What will happen:
- A new External domains anomalies report will be available in the Microsoft Teams admin center under Protection reports.
- Admins can select Communication anomalies, choose a date range, and run the report to view results:
- Insights include external domains with unusual communication activity:
- External domain name
- Total anomalies detected
- New 1:1 threads created by that domain
- New group threads created by that domain
- A Block option is available directly in the report for managing external domains:
[What you can do to prepare]
No action is required to access the report.
To receive proactive alerts:
- Enable External domains anomalies alerts in the Teams admin center:
- Go to Notifications & alerts > Rules.
- Select External domains anomalies.
- Set status to Active.
- Specify a Teams channel for notifications if desired.
- Daily alerts will summarize the top five domains with unusual activity.
[Compliance considerations]
No compliance considerations identified. Review as appropriate for your organization.
