Microsoft Teams: Protection against tenant-owned domain impersonation in Teams chat

Microsoft Teams will soon detect tenant-owned domain impersonation in external chats and show users a high-risk alert when impersonation is suspected. The feature is enabled by default for organizations that allow external access and launches in December 2025 across all platforms, with no admin controls and no required actions.

[Introduction:]

Coming soon to Microsoft Teams: A new security feature to enhance external collaboration. If your organization allows external domains to contact users in Teams, we will identify if an external user is impersonating a domain owned by your tenant during their initial contact through Teams chat. If we detect potential impersonation, we will show a high-risk alert to the user, notifying them to check for suspicious name/email and proceed with caution.

This message is associated with Microsoft 365 Roadmap ID 526780.

[When this will happen:]

General Availability: Begins in early December 2025 and is expected to complete by mid-December 2025.

[How this affects your organization:]

Who is affected: Organizations that have enabled Teams external access.

What will happen:

  • Before rollout: Teams only scanned for brand impersonation risks.
  • After rollout: Teams will check for both brand and tenant-owned domain impersonation attempts.
  • When impersonation is detected, users will see the warning: “This looks like a spam or phishing attempt” and must preview and validate the sender before accepting the chat invitation.
  • The feature will be ON by default for all tenants that allow external access in Teams.
  • There are no admin controls to manage this functionality; admins cannot disable this feature.
  • No admin configuration changes are required.
  • Platform availability: Android, Desktop, iOS, Mac, Web

Screenshot 1 - User sees this warning when the sender is detected as a potential impersonator of the tenant’s own domain. In this example, the sender’s domain is “fabrikarn.com”, which looks like the recipient tenant’s own domain “fabrikam.com”:

Screenshot 2 - When user clicks on “Preview their messages safely”, they can see the message from the sender, and make the decision of “Accept” or “Block”:

Screenshot 3 - If the user decides to accept, they will be prompted again to check the sender’s legitimacy and confirm that they are not phishing, before the chat is officially accepted:

[What you can do to prepare:]

  • No action is required; this security check is automatic.
  • Admins can review audit logs for impersonation attempts detected.
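
To triage external sender domains alongside that audit-log review, the following added example (not Microsoft's detection logic, which this page does not describe) flags domains that resemble a tenant-owned domain, such as “fabrikarn.com” versus “fabrikam.com”. It goes beyond the single rn/m case to cover one-character typos and internationalized names; the confusable table, the distance threshold and the sample sender domains are assumptions constructed for illustration.

```python
from __future__ import annotations

# Added example, not Microsoft's detection logic. The confusable table and the
# distance threshold are assumptions chosen for illustration.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]

def normalize(domain: str) -> str:
    return domain.strip().rstrip(".").lower()

def skeleton(domain: str) -> str:
    """Collapse visually confusable character sequences to one canonical form."""
    s = normalize(domain)
    for seq, canon in CONFUSABLES:
        s = s.replace(seq, canon)
    return s

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(sender_domain: str, owned: set[str], max_dist: int = 1) -> tuple[str, str | None]:
    """Return (verdict, owned domain it resembles or None). `owned` is lowercase."""
    d = normalize(sender_domain)
    if not d.isascii() or any(p.startswith("xn--") for p in d.split(".")):
        return ("review-idn", None)  # internationalized name: needs manual review
    if d in owned:
        return ("owned", d)
    for o in sorted(owned):
        if skeleton(d) == skeleton(o):
            return ("lookalike-confusable", o)
        if edit_distance(d, o) <= max_dist:
            return ("lookalike-typo", o)
    return ("unrelated", None)

def triage(sender_domains: list[str], owned: set[str]) -> dict[str, tuple[str, str | None]]:
    """Keep only domains that are neither owned nor clearly unrelated."""
    results = {d: classify(d, owned) for d in sender_domains}
    return {d: r for d, r in results.items() if r[0] not in ("owned", "unrelated")}

# Constructed sample: owned domain taken from the page, sender domains invented.
OWNED = {"fabrikam.com"}
SAMPLE = ["fabrikam.com", "Fabrikarn.com", "fabrikan.com", "contoso.com", "fabrik\u0430m.com"]

if __name__ == "__main__":
    for domain, (verdict, match) in triage(SAMPLE, OWNED).items():
        print(f"{domain:20} {verdict:22} {match or '-'}")
```

A distance threshold of 1 produces false positives for very short domain names, so treat the output as a review queue rather than a block list.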

Learn more: Security and compliance in Microsoft Teams | Microsoft Teams | Microsoft Learn

[Compliance considerations:]

No compliance considerations identified; review as appropriate for your organization.