check before: 2026-02-01
Product:
Defender, Defender for Office 365, Defender XDR, Microsoft 365 admin center, Teams
Platform:
Android, iOS, Linux, Mac, Online, Web, Windows Desktop, World tenant
Status:
Rolling out
Change type:
Admin impact, New feature, Updated message, User impact
Links:
Details:
Summary:
Microsoft Defender for Office 365 Plan 1 will enable users to report suspicious Teams messages as security risks or false positives starting late February 2026. Reports appear in the Defender portal, the feature is opt-in, and admins can configure settings to enhance phishing and malware detection in Teams.
Details:
Updated February 13, 2026: We have updated the timeline. Thank you for your patience.
[Introduction]
We're expanding the ability for users to report suspicious Microsoft Teams messages to customers with Microsoft Defender for Office 365 Plan 1. Previously available only to Plan 2, this update helps security teams identify and investigate potential phishing, malware, and spam across internal and external Teams chats, channels, and meeting chats. This enhancement strengthens protection by incorporating user-reported signals into existing Defender detections.
Users will be able to report messages in two ways:
Report as security risk - for messages suspected to contain phishing, malware, or other malicious content.
Report as not a security risk - for messages that were incorrectly identified as threats (false positives).
This message is associated with Microsoft 365 Roadmap ID 531760.
[When this will happen]
General Availability (Worldwide): Rollout begins in late February 2026 (previously mid-March) and is expected to complete by end of February 2026 (previously late March).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability
Created:
2026-01-21
updated:
2026-02-14
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
summary for non-techies**
Microsoft is adding a feature to Microsoft Defender for Office 365 Plan 1 that allows users to report suspicious messages in Microsoft Teams, enabling security teams to quickly address potential threats, with the rollout starting in late February 2026.
Direct effects for Operations**
User Reporting of Suspicious Messages
If the change is implemented without preparation, users may misuse the reporting feature, leading to an increase in false reports, which can overwhelm security teams and distract from genuine threats.
- roles: End Users, Security Admins
- references: https://learn.microsoft.com/defender-office-365/submissions-teams, https://techcommunity.microsoft.com/blog/microsoftdefenderforoffice365blog/how-your-submissions-to-defender-for-office-365-are-processed-behind-the-scenes/4231551
Increased Security Team Workload
Without proper communication and training, the security team may face an influx of reports that are not properly categorized, leading to delays in addressing real security threats and potential vulnerabilities.
- roles: Security Admins, IT Operations
- references: https://learn.microsoft.com/defender-office-365/submissions-teams#turn-off-or-turn-on-user-reporting-of-teams-messages-in-the-defender-portal" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/defender-office-365/submissions-teams#turn-off-or-turn-on-user-reporting-of-teams-messages-in-the-defender-portal, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=531760
Configutation Options**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2026-02-14 | MC Last Updated | 02/09/2026 22:28:38 | 2026-02-13T21:18:33Z |
| 2026-02-14 | MC Messages | Updated February 9, 2026: We have updated the timeline. Thank you for your patience.
[Introduction] We're expanding the ability for users to report suspicious Microsoft Teams messages to customers with Microsoft Defender for Office 365 Plan 1. Previously available only to Plan 2, this update helps security teams identify and investigate potential phishing, malware, and spam across internal and external Teams chats, channels, and meeting chats. This enhancement strengthens protection by incorporating user-reported signals into existing Defender detections. Users will be able to report messages in two ways: Report as security risk - for messages suspected to contain phishing, malware, or other malicious content. Report as not a security risk - for messages that were incorrectly identified as threats (false positives). This message is associated with Microsoft 365 Roadmap ID 531760. [When this will happen] General Availability (Worldwide): Rollout begins in mid-March 2026 (previously mid-February) and is expected to complete in late March 2026 (previously mid-February). | Updated February 13, 2026: We have updated the timeline. Thank you for your patience.
[Introduction] We're expanding the ability for users to report suspicious Microsoft Teams messages to customers with Microsoft Defender for Office 365 Plan 1. Previously available only to Plan 2, this update helps security teams identify and investigate potential phishing, malware, and spam across internal and external Teams chats, channels, and meeting chats. This enhancement strengthens protection by incorporating user-reported signals into existing Defender detections. Users will be able to report messages in two ways: Report as security risk - for messages suspected to contain phishing, malware, or other malicious content. Report as not a security risk - for messages that were incorrectly identified as threats (false positives). This message is associated with Microsoft 365 Roadmap ID 531760. [When this will happen] General Availability (Worldwide): Rollout begins in late February 2026 (previously mid-March) and is expected to complete by end of February 2026 (previously late March). |
| 2026-02-14 | MC End Time | 04/27/2026 09:00:00 | 2026-03-30T09:00:00Z |
| 2026-02-14 | MC Summary | Microsoft Defender for Office 365 Plan 1 will enable users to report suspicious Teams messages as security risks or false positives starting mid-March 2026. Reports appear in the Defender portal, the feature is opt-in, and admins can configure settings to enhance phishing and malware detection across Teams chats. | Microsoft Defender for Office 365 Plan 1 will enable users to report suspicious Teams messages as security risks or false positives starting late February 2026. Reports appear in the Defender portal, the feature is opt-in, and admins can configure settings to enhance phishing and malware detection in Teams. |
| 2026-02-10 | MC MessageTagNames | New feature, User impact, Admin impact | Updated message, New feature, User impact, Admin impact |
| 2026-02-10 | MC Summary | Microsoft Defender for Office 365 Plan 1 will allow users to report suspicious Teams messages as security risks or false positives starting mid-February 2026. Reports appear in the Defender portal, with opt-in settings and automatic Teams admin toggles. Organizations should enable user reporting and update guidance accordingly. | Microsoft Defender for Office 365 Plan 1 will enable users to report suspicious Teams messages as security risks or false positives starting mid-March 2026. Reports appear in the Defender portal, the feature is opt-in, and admins can configure settings to enhance phishing and malware detection across Teams chats. |
| 2026-02-10 | MC Last Updated | 01/21/2026 01:34:20 | 2026-02-09T22:28:38Z |
| 2026-02-10 | MC Messages | [Introduction]
We're expanding the ability for users to report suspicious Microsoft Teams messages to customers with Microsoft Defender for Office 365 Plan 1. Previously available only to Plan 2, this update helps security teams identify and investigate potential phishing, malware, and spam across internal and external Teams chats, channels, and meeting chats. This enhancement strengthens protection by incorporating user-reported signals into existing Defender detections. Users will be able to report messages in two ways: Report as security risk - for messages suspected to contain phishing, malware, or other malicious content. Report as not a security risk - for messages that were incorrectly identified as threats (false positives). This message is associated with Microsoft 365 Roadmap ID 531760. [When this will happen] General Availability (Worldwide): Rollout begins in mid-February 2026 and is expected to complete in mid-February 2026. | Updated February 9, 2026: We have updated the timeline. Thank you for your patience.
[Introduction] We're expanding the ability for users to report suspicious Microsoft Teams messages to customers with Microsoft Defender for Office 365 Plan 1. Previously available only to Plan 2, this update helps security teams identify and investigate potential phishing, malware, and spam across internal and external Teams chats, channels, and meeting chats. This enhancement strengthens protection by incorporating user-reported signals into existing Defender detections. Users will be able to report messages in two ways: Report as security risk - for messages suspected to contain phishing, malware, or other malicious content. Report as not a security risk - for messages that were incorrectly identified as threats (false positives). This message is associated with Microsoft 365 Roadmap ID 531760. [When this will happen] General Availability (Worldwide): Rollout begins in mid-March 2026 (previously mid-February) and is expected to complete in late March 2026 (previously mid-February). |
| 2026-02-10 | MC Title | Microsoft Defender for Office 365: Enable users to report suspicious Teams messages in Plan 1 | (Updated) Microsoft Defender for Office 365: Enable users to report suspicious Teams messages in Plan 1 |
| 2026-02-10 | MC End Time | 03/18/2026 08:00:00 | 2026-04-27T09:00:00Z |
Last updated 3 days ago ago
