Microsoft Teams Adds Option to Report Misidentified Threat Messages


Microsoft Teams is rolling out a new feature that allows users to report messages they believe were incorrectly flagged as security threats.

The capability, rolling out by the end of November 2025, targets organizations using Microsoft Defender for Office 365 Plan 2 or Microsoft Defender XDR to improve threat detection accuracy.

The feature addresses a common security challenge: false positives. When security systems flag legitimate messages as threats, it creates friction for users and can reduce trust in security tools.

By enabling users to report these misidentifications directly within Teams, Microsoft aims to refine detection models and improve the overall security experience.


How the Reporting Feature Works

Users can report messages containing URLs they believe were incorrectly identified as malicious directly through the Teams interface.

These reports appear in the User-reported tab within the Microsoft Defender portal, where security teams can review and analyze patterns.

This feedback mechanism creates a continuous improvement loop for threat detection algorithms.

The feature is available across all major platforms, including Teams on Android, Desktop, iOS, Mac, and Web.

This broad platform support ensures users can report issues regardless of their device, maximizing engagement and data collection.

During the initial rollout phase, the feature is off by default. However, when the feature reaches general availability, it will be enabled by default in Teams for organizations that meet the licensing requirements.

This default-on approach ensures maximum participation and faster data collection for improving detection accuracy.


Security administrators must enable the feature in two locations for complete functionality.

First, admins need to activate it in the Teams admin center under Messaging settings > Messaging safety. Second, they must enable the corresponding setting in the Microsoft Defender portal.

For new tenants, the Microsoft Defender portal setting is on by default, simplifying configuration.


However, existing organizations must manually enable this setting to activate the feature. This dual-control approach gives administrators granular oversight while ensuring flexibility in deployment.

Admins can also control feature access through Entra ID group membership, allowing organizations to gradually roll out the capability to specific departments or teams before full deployment.

Microsoft stores reported submissions in the Defender portal’s Submissions tab. This data is used to train and improve AI/ML detection models over time, refining how the system classifies potential threats.

Organizations should review Microsoft Learn documentation for detailed compliance guidance.

The feature represents Microsoft’s commitment to collaborative security, transforming users into active participants in threat detection improvement rather than passive observers of security decisions.
