Microsoft to let Office 365 users report Teams phishing messages

Microsoft is working on updating Microsoft Defender for Office 365 to allow Microsoft Teams users to alert their organization's security team of any dodgy messages they receive.

Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection or Office 365 ATP) protects organizations from malicious threats from email messages, links, and collaboration tools.

This in-development feature aims to allow admins to filter potentially dangerous messages targeting employees with malicious payloads or trying to redirect them to phishing websites.

"End users will be able to report suspicious Microsoft Teams messages as a security threat just like they do for emails - to help the organization to protect itself from attacks via Microsoft Teams," Microsoft explains on the Microsoft 365 roadmap.

Redmond is also working on updating Defender for Office 365's Submissions experience to categorize the user-reported messages into individual tabs for Phish, Spam (Junk), and so on, according to the users' reports.

While the upgraded submission feature is expected to reach general availability next month, the new user reporting capability is now in preview and will most likely roll out to standard multi-tenants until the end of January 2023 to desktop and web clients worldwide.

Recent Defender for Office 365 security enhancements

These new Defender for Office 365 capabilities build upon improvements announced in July 2021, allowing Microsoft Teams to automatically blocks phishing attempts.

Microsoft achieved this by extending Defender for Office 365 Safe Links protection to the Teams communication platform to help safeguard users from malicious URL-based phishing attacks.

Microsoft explained that the "Safe Links in Defender for Office 365 scans URLs at the time of click to ensure that users are protected with the latest intelligence from Microsoft Defender."

Redmond also started rolling out Built-In Protection to Defender for Office 365 in November 2021, a new feature that automatically enables recommended settings and policies to ensure that all new and existing users get at least a basic level of protection.

Built-In Protection patches gaps in enterprise protection coverage and is designed to improve the organization's overall security posture by drastically reducing the risk of a breach.

This security upgrade targeted at all Office 365 customers was soon followed, in January 2022, by the addition of differentiated protection for priority enterprise accounts (i.e., critical accounts of high-profile employees such as executive-level managers, the ones who attackers most often target).