Category
planForChange
Severity
normal
Major change
True
Last modified
2026-05-15 23:13:53
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
—
Action by (AI)
2026-06-01 00:00:00
Services
Microsoft Teams
Tags
New feature, User impact, Admin impact
Master tags
Admin, Security
Roadmap IDs
560702
One-line summary
A new Security Detection Report in the Teams admin center will unify messaging security detections like impersonation, malicious URLs, and unsafe files; rollout begins late June 2026.
Similar updates
More like thisMC1200576 Teams admin center: Messaging safety defaults changing to "On" by default
Teams admin center: Messaging safety defaults changing to "On" by default Starting January 12, 2026, Teams will enable weaponizable file and malicious URL protection, plus reporting, by default for tenants using default messaging safety settings. [Introduction] We’re improving messaging security in Microsoft Teams by enabling key safety.
MC1148539 (Updated) Microsoft Teams: Malicious URL Protection for Teams Chat and Channels
(Updated) Microsoft Teams: Malicious URL Protection for Teams Chat and Channels Malicious URL Protection in Teams rolls out globally in Nov 2025, warning users about unsafe links; feature defaults ON at GA, with admin override possible. ...osoft Teams is expected to finish before the end of November 2025 for General AvailabilityIntroduction.
MC1147984 (Updated) Microsoft Teams: User reporting for incorrectly identified security concerns
(Updated) Microsoft Teams: User reporting for incorrectly identified security concerns Teams users can now report messages incorrectly flagged as security threats; feature rolls out GA by end of Nov 2025 and is on by default, with admin controls in Teams and Defender portals. Updated November 17, 2025: The rollout of “Report incorrect security.
MC1187679 Microsoft Teams: Protection against tenant-owned domain impersonation in Teams chat
Microsoft Teams: Protection against tenant-owned domain impersonation in Teams chat Teams will soon alert users of external chat attempts impersonating tenant-owned domains, enhancing security for organizations with external access enabled. Feature is on by default and requires no admin action. [Introduction:] Coming soon to Microsoft Teams : A.
MC1193689 Microsoft baseline security mode for Office, SharePoint, Exchange, Teams, and Entra
Microsoft baseline security mode for Office, SharePoint, Exchange, Teams, and Entra Baseline Security Mode adds a dashboard in Microsoft 365 admin center to assess and align tenant security with Microsoft’s recommended standards, starting rollout mid-November 2025. Introduction Baseline Security Mode is a centralized experience that helps you.
MC1148540 (Updated) New file protection in Teams chat and channels blocks unsafe content
...protection in Teams chat and channels blocks unsafe content Teams will block messages with weaponizable file types by default starting November 2025;Updated November 17, 2025: The rollout of Weaponizable file type protection in Microsoft Teams is expected to finish before the end of November 2025 for General Availability (Worldwide)..
Details
RoadmapIds
560702
FeatureStatusJson
{"560702":[{"RoadmapId":560702,"Platform":"Web","Status":"FeatureRolloutStatusNotSupported","LastUpdateTime":"2026-05-16T03:00:22.8749576Z","LatestRing":null},{"RoadmapId":560702,"Platform":"All","Status":"FeatureRolloutStatusNotSupported","LastUpdateTime":"2026-05-16T03:00:22.8749577Z","LatestRing":null}]}
Summary
A new Security Detection Report in the Teams admin center offers centralized visibility into messaging threats like impersonation, malicious URLs, and unsafe files. Available from late June 2026, it helps admins investigate, export data, and block malicious users, enhancing security operations and response workflows.
Platforms
Web
Body (from Message Center)
[Introduction]
A new Security Detection Report in the Teams admin center provides a unified view of messaging security detections across signals such as impersonation, malicious URLs, and weaponizable file types. This centralized reporting experience improves visibility into threats in Teams and helps admins investigate and respond to suspicious activity more efficiently.
This message is associated with Microsoft 365 Roadmap ID 560702.
[When this will happen:]
General Availability (Worldwide): Rollout will begin in late June 2026 and is expected to complete by late June 2026.
[How this affects your organization:]
Who is affected:
- Admins who manage Microsoft Teams environments and security operations
- Security and helpdesk teams responsible for investigating messaging threats
What will happen:
- A new Security Detection Report will be available in the Teams admin center under Analytics & reports > Protection reports > Security detections report.
- The report provides centralized visibility into messaging security detections across Teams, including impersonation attempts, malicious links, and unsafe file types.
- Admins can review detection details such as:
- Sender
- Recipient context
- Detection type
- Available user actions
- Admins can export report data for further investigation, including additional metadata such as sender identifier and thread ID.
- The following messaging security protections are enabled by default:
- Impersonation detection does not require configuration.
- Malicious link scanning can be managed through Messaging safety settings in the Teams admin center.
- Unsafe file type scanning can be managed through Messaging safety settings in the Teams admin center.
- Admins can block malicious external users identified in the report through External access settings to prevent further communication attempts.
Screenshot: Example of a Security Detection Report:
[What you can do to prepare:]
- Review current Messaging safety settings to confirm malicious link and file scanning configurations.
- Familiarize security and helpdesk teams with the new report and export capabilities.
- Update investigation and response workflows to incorporate Teams detection signals.
- Use Teams admin center navigation path to locate the report:
- Analytics & reports > Protection reports > Security detections report
- Update internal documentation or runbooks if you document security investigation processes.
Before rollout, we will update this post with new documentation.
[Compliance considerations:]
Introduces enhanced admin reporting for monitoring and investigating messaging security detections.
Raw JSON (for debugging)
Expand/collapse the full payload below.
Show/hide raw
{
"snapshot_item": {
"action_required_by": null,
"ai_action_required_by": "2026-06-01T00:00:00Z",
"ai_actions": [
"Review Messaging safety settings",
"Familiarize teams with new report features",
"Update incident response workflows",
"Locate report in Teams admin center",
"Update documentation/runbooks"
],
"ai_master_tags": [
"Admin",
"Security"
],
"ai_model": "gpt-4.1",
"ai_summary": "A new Security Detection Report in the Teams admin center will unify messaging security detections like impersonation, malicious URLs, and unsafe files; rollout begins late June 2026.",
"ai_topics": [
"Teams"
],
"category": "planForChange",
"details_map": {
"FeatureStatusJson": "{\"560702\":[{\"RoadmapId\":560702,\"Platform\":\"Web\",\"Status\":\"FeatureRolloutStatusNotSupported\",\"LastUpdateTime\":\"2026-05-16T03:00:22.8749576Z\",\"LatestRing\":null},{\"RoadmapId\":560702,\"Platform\":\"All\",\"Status\":\"FeatureRolloutStatusNotSupported\",\"LastUpdateTime\":\"2026-05-16T03:00:22.8749577Z\",\"LatestRing\":null}]}",
"Platforms": "Web",
"RoadmapIds": "560702",
"Summary": "A new Security Detection Report in the Teams admin center offers centralized visibility into messaging threats like impersonation, malicious URLs, and unsafe files. Available from late June 2026, it helps admins investigate, export data, and block malicious users, enhancing security operations and response workflows."
},
"id": "MC1311977",
"importance": 5,
"is_major_change": true,
"last_modified": "2026-05-15T23:13:53Z",
"ms_products": [
"Teams"
],
"platforms": "Web",
"roadmap_ids": [
"560702"
],
"services": [
"Microsoft Teams"
],
"severity": "normal",
"tags": [
"New feature",
"User impact",
"Admin impact"
],
"title": "Security Detection Report in Teams Admin Center"
}
}