Microsoft Teams: External domains anomalies report [MC1219794]

Modern Workspace Pro 21 January 2026No CommentsMicrosoft Teams

Message ID: MC1219794

[Introduction]

To help admins detect unusual or potentially risky interactions with external organizations, Microsoft Teams is introducing the External domains anomalies report. This report analyzes cross-tenant communication patterns for your tenant and highlights sudden spikes or abnormal engagement activity. These insights support proactive investigation and help protect your organization while enabling secure external collaboration.

This message is associated with Microsoft 365 Roadmap ID 536572.

[When this will happen]

General Availability (Worldwide): Rolling out in late February 2026 and expected to complete in March 2026.

[How this affects your organization]

Who is affected:

Teams administrators can view this report for their Microsoft 365 tenant if their organization collaborates with external organizations.

What will happen:

A new External domains anomalies report will be available in the Microsoft Teams admin center under Protection reports.
Admins can select Communication anomalies, choose a date range, and run the report to view results:
Insights include external domains with unusual communication activity:
- External domain name
- Total anomalies detected
- New 1:1 chat threads created by that domain
- New group chat threads created by that domain
A Block option is available directly in the report for managing external domains:

[What you can do to prepare]

No action is required to access the report.

To receive proactive alerts:

Enable External domains anomalies alerts in the Teams admin center:
- Go to Notifications & alerts > Rules.
- Select External domains anomalies.
- Set status to Active.
Specify a Teams channel for notifications if desired.