Favorite your Message Center and Roadmap items. Access them anytime via your Profile. Export and share with your team or your LLM.

(Updated) Microsoft Defender for Office 365: Enable users to report suspicious Teams messages in Plan 1

Message ID
MC1219788
View in Message Center
Services
Microsoft TeamsMicrosoft Defender XDR
Category
Stay Informed
Tags
New featureUser impactAdmin impact
Rollout
February 2026
Roadmap ID
531760
View in M365 Roadmap
Platforms
AndroidDesktopiOSLinuxMacWeb

Summary

Microsoft Defender for Office 365 Plan 1 will enable users to report suspicious Teams messages as security risks or false positives starting late February 2026. Reports appear in the Defender portal, the feature is opt-in, and admins can configure settings to enhance phishing and malware detection in Teams.

Details

Updated February 13, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

We’re expanding the ability for users to report suspicious Microsoft Teams messages to customers with Microsoft Defender for Office 365 Plan 1. Previously available only to Plan 2, this update helps security teams identify and investigate potential phishing, malware, and spam across internal and external Teams chats, channels, and meeting chats. This enhancement strengthens protection by incorporating user-reported signals into existing Defender detections.

Users will be able to report messages in two ways:

  • Report as security risk — for messages suspected to contain phishing, malware, or other malicious content.
  • Report as not a security risk — for messages that were incorrectly identified as threats (false positives).

This message is associated with Microsoft 365 Roadmap ID 531760.

[When this will happen]

General Availability (Worldwide): Rollout begins in late February 2026 (previously mid-March) and is expected to complete by end of February 2026 (previously late March).

[How this affects your organization]

Who is affected:

  • Microsoft 365 tenants using Microsoft Defender for Office 365 Plan 1
  • Users across Microsoft Teams
  • Security admins reviewing reported messages

What will happen:

  • Users will see options to report messages as security risks or not security risks
  • Reports will appear on the User reported page in the Defender portal and/or your configured mailbox.
  • This feature is opt-in and respects your existing User reported settings.
  • Teams admin center toggles for reporting will be automatically enabled when User reported settings are turned on.
[What you can do to prepare]
  • Enable and configure User reported settings in the Defender portal.
  • Review message reported destination preferences for reported messages.
  • Communicate reporting guidance to users.
  • Review supporting documentation.
  • Update internal documentation as needed.

Learn more: 

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization.

Change History

Show
Published: January 21, 2026
Last Updated: February 13, 2026
February 14, 2026 at 12:31 AM Updated
Summary
Previous
Microsoft Defender for Office 365 Plan 1 will enable users to report suspicious Teams messages as security risks or false positives starting mid-March 2026. Reports appear in the Defender portal, the feature is opt-in, and admins can configure settings to enhance phishing and malware detection across Teams chats.
New
Microsoft Defender for Office 365 Plan 1 will enable users to report suspicious Teams messages as security risks or false positives starting late February 2026. Reports appear in the Defender portal, the feature is opt-in, and admins can configure settings to enhance phishing and malware detection in Teams.
Last Updated Date
Previous
2026-02-09T21:28:38.617Z
New
2026-02-13T20:18:33.363Z
Body Content
Previous

Updated February 9, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

We’re expanding the ability for users to report suspicious Microsoft Teams messages to customers with Microsoft Defender for Office 365 Plan 1. Previously available only to Plan 2, this update helps security teams identify and investigate potential phishing, malware, and spam across internal and external Teams chats, channels, and meeting chats. This enhancement strengthens protection by incorporating user-reported signals into existing Defender detections.

Users will be able to report messages in two ways:

  • Report as security risk — for messages suspected to contain phishing, malware, or other malicious content.
  • Report as not a security risk — for messages that were incorrectly identified as threats (false positives).

This message is associated with Microsoft 365 Roadmap ID 531760.

[When this will happen]

General Availability (Worldwide): Rollout begins in mid-March 2026 (previously mid-February) and is expected to complete in late March 2026 (previously mid-February).

[How this affects your organization]

Who is affected:

  • Microsoft 365 tenants using Microsoft Defender for Office 365 Plan 1
  • Users across Microsoft Teams
  • Security admins reviewing reported messages

What will happen:

  • Users will see options to report messages as security risks or not security risks
  • Reports will appear on the User reported page in the Defender portal and/or your configured mailbox.
  • This feature is opt-in and respects your existing User reported settings.
  • Teams admin center toggles for reporting will be automatically enabled when User reported settings are turned on.
[What you can do to prepare]
  • Enable and configure User reported settings in the Defender portal.
  • Review message reported destination preferences for reported messages.
  • Communicate reporting guidance to users.
  • Review supporting documentation.
  • Update internal documentation as needed.

Learn more: 

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization.

New

Updated February 13, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

We’re expanding the ability for users to report suspicious Microsoft Teams messages to customers with Microsoft Defender for Office 365 Plan 1. Previously available only to Plan 2, this update helps security teams identify and investigate potential phishing, malware, and spam across internal and external Teams chats, channels, and meeting chats. This enhancement strengthens protection by incorporating user-reported signals into existing Defender detections.

Users will be able to report messages in two ways:

  • Report as security risk — for messages suspected to contain phishing, malware, or other malicious content.
  • Report as not a security risk — for messages that were incorrectly identified as threats (false positives).

This message is associated with Microsoft 365 Roadmap ID 531760.

[When this will happen]

General Availability (Worldwide): Rollout begins in late February 2026 (previously mid-March) and is expected to complete by end of February 2026 (previously late March).

[How this affects your organization]

Who is affected:

  • Microsoft 365 tenants using Microsoft Defender for Office 365 Plan 1
  • Users across Microsoft Teams
  • Security admins reviewing reported messages

What will happen:

  • Users will see options to report messages as security risks or not security risks
  • Reports will appear on the User reported page in the Defender portal and/or your configured mailbox.
  • This feature is opt-in and respects your existing User reported settings.
  • Teams admin center toggles for reporting will be automatically enabled when User reported settings are turned on.
[What you can do to prepare]
  • Enable and configure User reported settings in the Defender portal.
  • Review message reported destination preferences for reported messages.
  • Communicate reporting guidance to users.
  • Review supporting documentation.
  • Update internal documentation as needed.

Learn more: 

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization.

February 9, 2026 at 10:30 PM Updated
Title
Previous
Microsoft Defender for Office 365: Enable users to report suspicious Teams messages in Plan 1
New
(Updated) Microsoft Defender for Office 365: Enable users to report suspicious Teams messages in Plan 1
Summary
Previous
Microsoft Defender for Office 365 Plan 1 will allow users to report suspicious Teams messages as security risks or false positives starting mid-February 2026. Reports appear in the Defender portal, with opt-in settings and automatic Teams admin toggles. Organizations should enable user reporting and update guidance accordingly.
New
Microsoft Defender for Office 365 Plan 1 will enable users to report suspicious Teams messages as security risks or false positives starting mid-March 2026. Reports appear in the Defender portal, the feature is opt-in, and admins can configure settings to enhance phishing and malware detection across Teams chats.
Last Updated Date
Previous
2026-01-21T00:34:20.023Z
New
2026-02-09T21:28:38.617Z
Tags
Previous
New feature,User impact,Admin impact
New
Updated message,New feature,User impact,Admin impact
Body Content
Previous
[Introduction]

We’re expanding the ability for users to report suspicious Microsoft Teams messages to customers with Microsoft Defender for Office 365 Plan 1. Previously available only to Plan 2, this update helps security teams identify and investigate potential phishing, malware, and spam across internal and external Teams chats, channels, and meeting chats. This enhancement strengthens protection by incorporating user-reported signals into existing Defender detections.

Users will be able to report messages in two ways:

  • Report as security risk — for messages suspected to contain phishing, malware, or other malicious content.
  • Report as not a security risk — for messages that were incorrectly identified as threats (false positives).

This message is associated with Microsoft 365 Roadmap ID 531760.

[When this will happen]

General Availability (Worldwide): Rollout begins in mid-February 2026 and is expected to complete in mid-February 2026.

[How this affects your organization]

Who is affected:

  • Microsoft 365 tenants using Microsoft Defender for Office 365 Plan 1
  • Users across Microsoft Teams
  • Security admins reviewing reported messages

What will happen:

  • Users will see options to report messages as security risks or not security risks
  • Reports will appear on the User reported page in the Defender portal and/or your configured mailbox.
  • This feature is opt-in and respects your existing User reported settings.
  • Teams admin center toggles for reporting will be automatically enabled when User reported settings are turned on.
[What you can do to prepare]
  • Enable and configure User reported settings in the Defender portal.
  • Review message reported destination preferences for reported messages.
  • Communicate reporting guidance to users.
  • Review supporting documentation.
  • Update internal documentation as needed.

Learn more: 

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization.

New

Updated February 9, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

We’re expanding the ability for users to report suspicious Microsoft Teams messages to customers with Microsoft Defender for Office 365 Plan 1. Previously available only to Plan 2, this update helps security teams identify and investigate potential phishing, malware, and spam across internal and external Teams chats, channels, and meeting chats. This enhancement strengthens protection by incorporating user-reported signals into existing Defender detections.

Users will be able to report messages in two ways:

  • Report as security risk — for messages suspected to contain phishing, malware, or other malicious content.
  • Report as not a security risk — for messages that were incorrectly identified as threats (false positives).

This message is associated with Microsoft 365 Roadmap ID 531760.

[When this will happen]

General Availability (Worldwide): Rollout begins in mid-March 2026 (previously mid-February) and is expected to complete in late March 2026 (previously mid-February).

[How this affects your organization]

Who is affected:

  • Microsoft 365 tenants using Microsoft Defender for Office 365 Plan 1
  • Users across Microsoft Teams
  • Security admins reviewing reported messages

What will happen:

  • Users will see options to report messages as security risks or not security risks
  • Reports will appear on the User reported page in the Defender portal and/or your configured mailbox.
  • This feature is opt-in and respects your existing User reported settings.
  • Teams admin center toggles for reporting will be automatically enabled when User reported settings are turned on.
[What you can do to prepare]
  • Enable and configure User reported settings in the Defender portal.
  • Review message reported destination preferences for reported messages.
  • Communicate reporting guidance to users.
  • Review supporting documentation.
  • Update internal documentation as needed.

Learn more: 

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization.

Never Miss a Microsoft 365 Update

Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.

Explore Dashboard Sign Up Free