Microsoft Teams: Protection against tenant-owned domain impersonation in Teams chat
MC1187679
Category: planForChange
Severity: normal
Major change: False
Last modified: 2025-11-18 16:21:05
Summary source: Azure OpenAI (gpt-4.1)
Action by (Graph):
Action by (AI):
Services: Microsoft Teams
Tags: New feature, User impact, Admin impact
Master tags: Security
Roadmap IDs: 526780

One-line summary

Teams will soon alert users to external chat attempts that impersonate tenant-owned domains, enhancing security for organizations with external access enabled. The feature is on by default and requires no admin action.


Details

RoadmapIds: 526780
Summary: Microsoft Teams will soon detect tenant-owned domain impersonation in external chats and warn users, displaying a high-risk alert when a contact looks suspicious. This feature, enabled by default for organizations allowing external access, launches December 2025 across all platforms with no admin controls or required actions.
Platforms: Android, Desktop, iOS, Mac, Web

Body (from Message Center)

[Introduction:]

Coming soon to Microsoft Teams: A new security feature to enhance external collaboration. If your organization allows external domains to contact users in Teams, we will identify if an external user is impersonating a domain owned by your tenant during their initial contact through Teams chat. If we detect potential impersonation, we will show a high-risk alert to the user, notifying them to check for suspicious name/email and proceed with caution.

This message is associated with Microsoft 365 Roadmap ID 526780.

[When this will happen:]

General Availability: Begins in early December 2025 and expected to complete by mid-December 2025.

[How this affects your organization:]

Who is affected: Organizations that have enabled Teams external access.

What will happen:

  • Before rollout: Teams only scanned for brand impersonation risks.
  • After rollout: Teams will check for both brand and tenant-owned domain impersonation attempts.
  • When impersonation is detected, users will see the warning: “This looks like a spam or phishing attempt” and must preview and validate the sender before accepting the chat invitation.
  • The feature will be ON by default for all tenants that allow external access in Teams.
  • There are no admin controls to manage this functionality; admins cannot disable this feature.
  • No admin configuration changes are required.
  • Platform availability: Android, Desktop, iOS, Mac, Web

Screenshot 1 - User sees this warning when the sender is detected as a potential impersonator of the tenant’s own domain. In this example, the sender’s domain is “fabrikarn.com”, which looks like the recipient tenant’s own domain “fabrikam.com”:


Screenshot 2 - When user clicks on “Preview their messages safely”, they can see the message from the sender, and make the decision of “Accept” or “Block”:


Screenshot 3 - If the user decides to accept, they will be prompted again to check the sender’s legitimacy and confirm that they are not phishing, before the chat is officially accepted:

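A tenant can run a comparable look-alike check of its own, for example over the external sender domains it sees. The sketch below is an added example, not code from this page and not Microsoft's detection logic, which the announcement does not describe; the confusables table, the one-edit threshold and the function names are assumptions.

```python
import unicodedata

# Constructed, deliberately small confusables table (assumption, not Microsoft's).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]

def skeleton(domain: str) -> str:
    """Fold a domain to a canonical form so look-alike spellings collide."""
    # NFKC folds compatibility forms such as fullwidth letters; it does not
    # map cross-script homoglyphs (e.g. Cyrillic), which need a fuller table.
    s = unicodedata.normalize("NFKC", domain).lower().rstrip(".")
    for seq, canon in CONFUSABLES:
        s = s.replace(seq, canon)
    return s

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(sender: str, tenant_domains: list[str], max_edits: int = 1):
    """Return (owned_domain, reason) if sender imitates an owned domain, else None."""
    sender = sender.lower().rstrip(".")
    owned_list = [d.lower().rstrip(".") for d in tenant_domains]
    for owned in owned_list:
        if sender == owned or sender.endswith("." + owned):
            return None  # genuinely inside the tenant's own namespace
    for owned in owned_list:
        # Compare only the sender's trailing labels so that a subdomain such
        # as "chat.fabrikarn.com" is still matched against "fabrikam.com".
        tail = ".".join(sender.split(".")[-len(owned.split(".")):])
        if skeleton(tail) == skeleton(owned):
            return owned, "confusable"
        if edit_distance(tail, owned) <= max_edits:
            return owned, "near-miss"
    return None
```

Short owned domains will produce near-miss false positives at a one-edit threshold, so review hits against the list of known partner domains before acting on them.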

[What you can do to prepare:]

  • No action is required; this security check is automatic.
  • Admins can review audit logs for impersonation attempts detected.

Learn more: Security and compliance in Microsoft Teams | Microsoft Teams | Microsoft Learn

[Compliance considerations:]

No compliance considerations identified; review as appropriate for your organization.
