M365 Changelog: (Updated) Microsoft Defender for Office empowers end users to report suspicious messages in Microsoft Teams

MC567478 – Soon the ability for Microsoft Teams users to report messages within Teams as security risk will be turned on by default. Security risk messages could include ones that contain phishing or spam or malicious content, such as phishing URL or malware file, spam content. To learn how end users can report, see User reported message settings in Microsoft Teams.

NOTE: This only applies to Microsoft for Defender Plan 2 customers or Microsoft E5/ Office E5 customers.

This message is associated with Microsoft 365 Roadmap ID 100160

When this will happen:

Starting in early June Teams admins will be able to control if users can report security messages within Teams Admin Center. Microsoft expects this to be completed for all tenants by mid-June 2023.

How this will affect your organization:

The toggle setting in Teams admin center will have no effect within the Teams clients, i.e., end users will not be able to report messages for security concern, unless the tenant has also opted into the Teams Security preview.

The toggle is being provided so that Teams admins can opt out of the automatic on by default configuration or define other policies around end users reporting security concerns. The opt out period will be provided for a minimum of 30 days, after which the team client will provide end users with the ability to report messages as a security concern based on the toggle’s setting. 

report message within teams
View image in new tab

NOTE: When a user reports a Teams chat message as a security concern, the message is acted as per your organization’s user reported settings. If end user reports are sent to Microsoft, everything associated with the message is copied to include in the continual algorithm reviews. This copy includes the message content, message headers added by the Microsoft filtering system, any files or URLs, and related data. Microsoft treats your feedback as your organization’s permission to analyze all the information to fine tune the message hygiene algorithms. Your message is held in secured and audited data centers in the USA. The submission is deleted as soon as it’s no longer required. Microsoft personnel might read your submitted messages and files, which is normally not permitted for Teams messages in Microsoft 365. However, your message is still treated as confidential between you and Microsoft, and your message or file isn’t shared with any other party as part of the review process

What you need to do to prepare:

You can opt out of the default “on” option via Teams messaging policies in the Teams admin center by within the opt out period, no earlier than July 10th. The global policy will automatically apply to users in your organization unless you create and assign a custom policy. You can edit the settings in the global policy or create and assign one or more custom policies to turn on or turn off this feature. To learn more, please refer to: Manage messaging policy in teams.

If you have any feedback, please provide it from this Message center post using the text box after you do thumbs up or thumbs down as it will directly reach the responsible team. 

Additional information