M365 Archive
Back to latest version
You're viewing a historical snapshot from Jan 21, 2026. This is not the latest version.

Metadata at Jan 21, 2026

Message ID

MC1219788

View in Message Center

Published

Jan 21, 2026

Service

Microsoft Teams
Microsoft Defender XDR

Tag

New feature
User impact
Admin impact

Roadmap ID

531760

View roadmap details

Platforms

Android
Desktop
iOS
Linux
Mac
Web
View the latest version See what changed since this version

MC1219788 - Microsoft Defender for Office 365: Enable users to report suspicious Teams messages in Plan 1

Message Center

What changed since this version

removed textadded text

Updated February 13, 2026: We have updated the timeline. Thank you for your patience. 

Introduction

We’re expanding the ability for users to report suspicious Microsoft Teams messages to customers with Microsoft Defender for Office 365 Plan 1. Previously available only to Plan 2, this update helps security teams identify and investigate potential phishing, malware, and spam across internal and external Teams chats, channels, and meeting chats. This enhancement strengthens protection by incorporating user-reported signals into existing Defender detections.

Users will be able to report messages in two ways:

  • Report as security risk — for messages suspected to contain phishing, malware, or other malicious content.
  • Report as not a security risk — for messages that were incorrectly identified as threats (false positives).

This message is associated with Microsoft 365 Roadmap ID 531760.

When this will happen

General Availability (Worldwide): Rollout begins in mid-late February 2026 (previously mid-March) and is expected to complete in mid-by end of February 2026 (previously late March).

How this affects your organization

Who is affected:

  • Microsoft 365 tenants using Microsoft Defender for Office 365 Plan 1
  • Users across Microsoft Teams
  • Security admins reviewing reported messages

What will happen:

  • Users will see options to report messages as security risks or not security risks
  • Reports will appear on the User reported page in the Defender portal and/or your configured mailbox.
  • This feature is opt-in and respects your existing User reported settings.
  • Teams admin center toggles for reporting will be automatically enabled when User reported settings are turned on.
What you can do to prepare
  • Enable and configure User reported settings in the Defender portal.
  • Review message reported destination preferences for reported messages.
  • Communicate reporting guidance to users.
  • Review supporting documentation.
  • Update internal documentation as needed.

Learn more: 

Compliance considerations

No compliance considerations identified. Review as appropriate for your organization.

Snapshot from Jan 21, 2026

Introduction

We’re expanding the ability for users to report suspicious Microsoft Teams messages to customers with Microsoft Defender for Office 365 Plan 1. Previously available only to Plan 2, this update helps security teams identify and investigate potential phishing, malware, and spam across internal and external Teams chats, channels, and meeting chats. This enhancement strengthens protection by incorporating user-reported signals into existing Defender detections.

Users will be able to report messages in two ways:

  • Report as security risk — for messages suspected to contain phishing, malware, or other malicious content.
  • Report as not a security risk — for messages that were incorrectly identified as threats (false positives).

This message is associated with Microsoft 365 Roadmap ID 531760.

When this will happen

General Availability (Worldwide): Rollout begins in mid-February 2026 and is expected to complete in mid-February 2026.

How this affects your organization

Who is affected:

  • Microsoft 365 tenants using Microsoft Defender for Office 365 Plan 1
  • Users across Microsoft Teams
  • Security admins reviewing reported messages

What will happen:

  • Users will see options to report messages as security risks or not security risks
  • Reports will appear on the User reported page in the Defender portal and/or your configured mailbox.
  • This feature is opt-in and respects your existing User reported settings.
  • Teams admin center toggles for reporting will be automatically enabled when User reported settings are turned on.
What you can do to prepare
  • Enable and configure User reported settings in the Defender portal.
  • Review message reported destination preferences for reported messages.
  • Communicate reporting guidance to users.
  • Review supporting documentation.
  • Update internal documentation as needed.

Learn more: 

Compliance considerations

No compliance considerations identified. Review as appropriate for your organization.