Microsoft is extending its impersonation protection in Teams Chat, first introduced in October 2024 for known brands, to tenant-owned domains. With this enhancement, Teams scans the first-contact message from external users for potential brand and domain impersonation risks.
- This security feature should improve protection when collaborating with external users in Teams.
- The feature is available by default for organizations that allow external domains to contact users in Teams.
Timeline
The rollout should be completed in December 2025.
How does this affect your organization?
In Q4 2024, Microsoft began rolling out brand impersonation protection for Teams chats with external users. This protection focuses on well-known brands such as Microsoft, Google, banks, and other organizations commonly impersonated in phishing attempts.
If your organization enables Teams external access, we will check for potential impersonation activity when your user receives a message from an external sender for the first time. Your users will see a high-risk warning in the Accept/Block flow if we think there is potential impersonation risk, and users must preview the message before they can choose to Accept or block. If users choose to accept, we will prompt them again with potential risk before proceeding with Accept.
With the current update, Microsoft expands impersonation protection to include your tenant-owned domains configured in the Microsoft 365 admin center. Teams will now scan the first-contact message for both brand impersonation and tenant-owned domain impersonation risks.
For example, if one of your tenant domains is fabrikam.com and an external actor initiates a chat from fabrikarn.com, Teams will flag the first-contact message as a potential phishing attempt. Users must preview and validate the sender before accepting the chat invitation.
The update is available by default for all tenants that allow external access in Teams. Administrators cannot disable or configure brand or tenant-owned domain impersonation protection.
