| MC1187679 | Microsoft Teams: Protection against tenant-owned domain impersonation in Teams chat |
|---|
| Classification | planForChange |
|---|---|
| Last Updated | 11/18/2025 16:21:05 |
| Start Time | 11/18/2025 16:20:25 |
| End Time | 03/31/2026 07:00:00 |
| Message Content |
[Introduction:] Coming soon to Microsoft Teams: A new security feature to enhance external collaboration. If your organization allows external domains to contact users in Teams, we will identify if an external user is impersonating a domain owned by your tenant during their initial contact through Teams chat. If we detect potential impersonation, we will show a high-risk alert to the user, notifying them to check for suspicious name/email and proceed with caution. This message is associated with Microsoft 365 Roadmap ID 526780. [When this will happen:] General Availability: Begins in early December 2025 and expected to complete by mid-December 2025. [How this affects your organization:] Who is affected: Organizations that have enabled Teams external access. What will happen:
Screenshot 1 – User sees this warning when the sender is detected as a potential impersonator of the tenant’s own domain. In this example, the sender’s domain is “fabrikarn.com”, which looks like the recipient tenant’s own domain “fabrikam.com”:
Screenshot 2 – When user clicks on “Preview their messages safely”, they can see the message from the sender, and make the decision of “Accept” or “Block”:
Screenshot 3 – If the user decides to accept, they will be prompted again to check the sender’s legitimacy and confirm that they are not phishing, before the chat is officially accepted: [What you can do to prepare:]
Learn more: Security and compliance in Microsoft Teams | Microsoft Teams | Microsoft Learn [Compliance considerations:] No compliance considerations identified, review as appropriate for your organization. |
