Message ID: MC910976
Coming soon to Microsoft Teams: A new feature to enhance the security in external collaboration. If your company allows external domains to contact your users in Teams, we will identify if an external user is impersonating a brand commonly targeted by phishing attacks during their initial contact with your user through Teams Chat. If we detect potential impersonation, we will show a high-risk alert to the user, notifying them to check for suspicious name/email and proceed with caution.
This message is associated with Microsoft 365 Roadmap ID 421190.
[When this will happen:]
Targeted Release: We will begin rolling out late October 2024 and expect to complete by late October 2024.
General Availability (Worldwide): We will begin rolling out mid-November 2024 and expect to complete by mid-November 2024.
[How this will affect your organization:]
Before this rollout: For organizations that have enabled Teams external access, user can receive messages from any user from external domain. Teams does not scan the sender for impersonation risks. When a user receives a chat invitation, the user can accept, or block, or preview the message. Note: Previewing the message does not put the organization at risk.
After this rollout: If your organization enables Teams external access, we will check for potential impersonation activity when your user receives a message from an external sender for the first time. Your users will see a high-risk warning in the Accept/Block flow if we think there is potential impersonation risk, and users must preview the message before they can choose to Accept or block. If users choose to accept, we will prompt them again with potential risk before proceeding with Accept.
This security check will be done automatically. No admin configuration is required. Admins can check the audit log for impersonation attempts detected.
Teams detects an impersonation attempt in chat. In this case, the sender claims to be associated with Microsoft, but is not coming from a legitimate Microsoft domain:
When a user selects Preview their messages in the first screen, and then selects Accept, the user is alerted again to the potential for risk in this screen:
This feature will be on by default.
[What you need to do to prepare:]
This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to update any relevant documentation. We recommend that you educate your users on what the new high-risk Accept/Block screen means and remind users to proceed with caution.
Before rollout, we will update this post with revised documentation.
Source: Microsoft
So, what does this mean for admins and users?
Admins, Rejoice!
First off, admins can breathe a sigh of relief. This update requires no additional configuration on your part. That’s right, no late-night coffee-fuelled sessions tweaking settings or deciphering cryptic error messages. The security check will be done automatically, and any impersonation attempts will be logged in the audit log. So, you can keep an eye on things without lifting a finger. Well, maybe just one finger to click and check the logs, but that’s it!
Users, Stay Alert!
For users, this update is like having a digital bodyguard. When you receive a message from an external sender for the first time, Teams will scan for potential impersonation risks. If it detects something fishy, you’ll see a high-risk warning in the Accept/Block flow. Think of it as Teams saying, “Whoa there, partner! Are you sure you want to talk to this stranger?” You’ll need to preview the message before deciding to accept or block it. And if you choose to accept, Teams will give you one last nudge to ensure you’re aware of the potential risk. It’s like having a friend who’s always looking out for you, but without the constant nagging.
Why This Matters
In a world where phishing attacks are as common as cat videos on the internet, this feature is a game-changer. It adds an extra layer of security, helping to protect users from falling prey to impersonation scams. And let’s be honest, no one wants to be the person who accidentally lets a cyber-criminal into the company’s virtual living room.
What’s Next?
Admins, you might want to update your documentation and educate your users about this new feature. A quick heads-up to your team can go a long way in ensuring everyone knows what to expect and how to handle the new high-risk Accept/Block screen. And remember, this feature will be on by default, so there’s no need to scramble to turn it on.
In conclusion, this update is a win-win for everyone. Admins get a hassle-free security boost, and users get an extra layer of protection. So, what do you think? Are you excited about this new feature? Share your thoughts and let’s get the conversation started!