MC1227625 - User reported security signals in Teams admin center

Updated March 26, 2026: We have updated the timeline. Thank you for your patience.

Introduction

As part of our ongoing protection investments in Microsoft Teams, we will continue expanding the ways users can report suspicious or incorrect activity. Users can already report security concerns and incorrect detections in chats and channels (MC1037768, MC1147984), and more recently in calls (MC1223828). These user‑submitted reports help identify potential malicious activity and strengthen your organization’s security posture.

Building on this foundation, we will introduce new capabilities that allow Teams administrators to review and export user‑reported security submissions directly in the Teams admin center. A new Protection reports section will be added under Analytics and reports, giving admins unified visibility into user‑reported calls, chats, and channels.

This message relates to Microsoft 365 Roadmap ID 536571.

When this will happen

Phase 1 – User‑reported call data

Targeted Release: Rollout will begin in mid-April 2026 (previously mid‑March) and complete in late April 2026 (previously late March).
General Availability (Worldwide): Rollout will begin in late April 2026 (previously mid‑April) and complete in early May 2026 (previously late April).

Phase 2 – User‑reported chats and channels

This phase will add message‑level reporting for security concerns and incorrect detections.
The timeline will be communicated in a future update to this Message center post.

How this affects your organization

Who is affected: Teams administrators who have access to Analytics and reports in the Teams admin center.

What will happen:

A new Protection reports section will appear under Teams admin center > Analytics & reports:
Admins will be able to view and export data about user‑submitted security reports for calls (Phase 1) and later chats and channels (Phase 2).
Reported interactions will begin populating once users submit reports.
Admins will be able to review reported calls or messages and take appropriate action.
Admins will be able to view 1‑day, 7‑day, and 30‑day reporting windows.
This feature will require that user reporting settings be enabled in the Teams admin center.

What you can do to prepare

To ensure reporting data is available when rollout begins, verify that end‑user reporting features are enabled:

Enable Report a call: Teams admin center > Calling settings
Enable Report a security concern and Report incorrect detection: Teams admin center > Messaging settings
Once enabled and users begin submitting reports, access data at: Teams admin center > Analytics & reports > Protection reports > User‑reported security submission
Update internal documentation if your helpdesk relies on reporting workflows.
If you maintain training or onboarding materials about Teams security practices, consider adding guidance on how users can report suspicious interactions.

Compliance considerations

Question	Answer
Does the change store new customer data, if so, where, and is the data cached or permanently stored?	Yes. This change stores new customer data because user‑submitted security reports for calls, chats, and channels are collected and made available in the Teams admin center for administrative review.
Does the change alter how existing customer data is processed, stored, or accessed?	Yes. This change alters how existing customer data is accessed because it surfaces reported calls, messages, and detections to Teams administrators for investigation within the new Protection reports area.
Does the change alter how admins can monitor, report on, or demonstrate compliance activities?	Yes. This change adds new monitoring and reporting capabilities by providing a dedicated Protection reports section where admins can view and export user‑reported security submissions.