💡 Our Technical Review in summary
Summary
- Microsoft is introducing a “Report a Call” feature in Microsoft Teams to combat the rise of voice-based phishing (vishing) and scam attempts.
- This feature allows users to flag suspicious or unwanted one-to-one calls directly from their call history.
- The rollout is scheduled to begin in mid-March 2026 for Targeted Release and reach General Availability by late April 2026.
- This update integrates with Microsoft Defender for Office 365 and the Teams Admin Center to provide security teams with actionable threat intelligence.
Impact
- End Users: Users on Windows, Mac, and Web will see a new “Report a Call” option in their Teams call history under the “More options” (…) menu for one-to-one calls.
- Default State: The reporting UI will be enabled by default on the Teams client.
- Security Teams: If your organization has Defender for Office 365 (Plan 1 or 2) or Microsoft Defender XDR, detailed reports containing call metadata (timestamp, duration, caller ID) and the user’s reason for reporting will be visible in the Microsoft Defender portal.
- Teams Administrators: Basic submission data will be accessible via the Teams Admin Center (TAC) under Analytics & Reports > Protection reports > User-reported security submissions.
- Data Privacy: Only limited metadata and contextual information related to the reported call are processed and shared with the organization and Microsoft for security analysis.
Action Required
- Configure Defender Portal: To receive detailed intelligence, navigate to the User Reporting settings in the Microsoft Defender portal and ensure the “Teams call reporting” setting is enabled.
- Update Internal Documentation: Update help desk scripts and user training materials to reflect the new reporting capability. Educate users on the difference between a “suspicious/scam” call (which should be reported) and a standard “unwanted/spam” call.
- Review Policy Settings: If your organization prefers to manage this through a phased rollout or wishes to disable the feature, navigate to Calling settings in the Teams Admin Center to toggle the “Report a Call” option off.
- Monitor Reports: Following the mid-April 2026 rollout, security admins should regularly check the “User-reported security submissions” dashboard in the Teams Admin Center to identify emerging voice-based threat patterns.
Microsoft Official Update
Service: N/A
Category: stayInformed
Severity: normal
[Introduction]
As Microsoft Teams calling adoption continues to grow across organizations, scam and phishing attempts targeting users through voice calls are increasing as well. Currently, users have no simple way to report suspicious calls, leaving organizations without visibility into these threats and without clear guidance on how users should respond.
To address this gap, we’re introducing Report a Call in Microsoft Teams. With this feature, users can flag suspicious or unwanted one-to-one calls directly in Teams, giving your security team actionable intelligence and helping build organization-wide protection against bad actors.
This message relates to Microsoft 365 Roadmap ID 536573.
[When this will happen]
Targeted Release: Rollout will begin in mid-March 2026 and will be completed in late March 2026.
General Availability (Worldwide): Rollout will begin in mid-April 2026 and is expected to be completed in late April 2026.
[How this will affect your organization]
Who is affected:
Users who make or receive calls in Microsoft Teams on Windows, Mac, and Web.
What will happen:
- A new Report a Call option will appear in Teams call history for one-to-one calls only (ON by default on the Teams client).
- Users will be able to click more options next to any call and select Report a Call.
- Relevant call metadata and limited contextual information will be securely shared with your organization and Microsoft.
- Security teams will view detailed reported instances in the Microsoft Defender portal, which will require Defender for Office 365 (Plan 1 or Plan 2) or Defender XDR.
- Information about user-submitted reports will be available in Teams Admin Center under Protection reports > User-reported security submissions.
- Admins will be able to investigate and take appropriate action.
[What you can do to prepare]
While the reporting option is enabled by default on Teams clients, you can configure the Microsoft Defender portal to receive and access these reports or access basic submissions data in Teams admin center.
1. For enhanced reporting, enable the setting in the Microsoft Defender portal:
- Navigate to User reporting settings.
- Ensure the Teams call reporting setting is enabled.
- Without this, detailed reported calls will not appear in the defender portal.
Alternatively, you can view reports in the Teams admin center:
- Open Teams admin center > Analytics & Reports > Protection Reports.
- Select User-reported security submissions from the drop-down.
- Select the desired time period and interaction mode (Calls).
2. Prepare user communication:
- Inform users about the new Report a Call option before rollout.
- Clarify when to use it: suspicious calls, potential scams, unwanted calls from external parties.
- Set expectations: reporting helps the organization, not just individual complaints.
To disable the experience on the Teams client:
- In the Teams admin center, under Calling settings, disable the Report a Call toggle.
[Compliance considerations]
Data Processing:
Limited call-related metadata is processed when a user submits a report, including:
- Call timestamp and duration
- Caller ID information (if available)
- Teams user IDs for participants
- User’s reason for reporting (if provided)
