Report Suspicious Messages in Microsoft Teams 

Ever since the pandemic shook the world, Microsoft Teams has revolutionized business communication and become a global favorite. With its widespread usage, ensuring safety and security in Teams has become paramount.  

Have you ever encountered an array of suspicious messages in Teams? Or perhaps worried about handling those pesky messages that occasionally find their way into your conversations? Well, you can put those worries aside, because Microsoft has recently rolled out an incredible feature called “Reporting Messages in Teams” as per MC611677.  

This new feature allows users to easily flag and report messages containing spam, malware, or phishing attempts within Microsoft Teams. So, you no longer need to toggle and struggle in Microsoft Defender to report suspicious Teams messages. Report it straightway from Microsoft Teams!  

In this blog, we’ll take you on a deep dive into the reporting messages in Microsoft Teams. We’ll explore how to report a Teams message, how to enable this feature, and much more. So, get ready to enhance your Teams experience and ensure a safe and secure environment for everyone. Let’s get started! 💻🔒 

User Reported Messages in Microsoft Teams 

With reporting messages enabled in Teams, a Microsoft 365 user can directly “Report a message” containing spam, malware, or phishing in their organization. Most importantly, users can report messages under chats, channels, and meeting conversations in their Microsoft Teams. This blog covers,

• Licenses Requirements for Microsoft Teams User Reported Messages
• How to Enable User Reporting Messages in Microsoft Teams? 
  • User Reporting Suspicious Message Settings in Teams Admin Center
  • User Reporting of Teams Messages in Microsoft 365 Defender
• How to Report a Suspicious Message in Teams? 
• Things to Know When a User Report Suspicious Messages in Microsoft Teams 
• How to View the User Reported Messages in Microsoft 365?
• Reviewing Reported Teams Messages in Microsoft 365 

Licenses Requirements for Microsoft Teams User Reported Messages   

Some licenses and permissions are required to report suspicious messages in Microsoft Teams and to monitor these user-reported messages in Microsoft 365. They are, 

• Microsoft 365 Defender  
• Microsoft 365 Defender Plan 2 
• Microsoft E5/ Office E5  

NOTE: This user reporting suspicious Teams messages feature is not supported for US government organizations such as Microsoft 365 GCC, GCC High, and DoD. 

How to Enable User Reporting Messages in Microsoft Teams? 

Admins can allow users to report suspicious messages in Microsoft Teams by enabling them under two different user-reported settings in Microsoft 365. This user-reported message settings are available in Teams admin center and Microsoft 365 Defender, which are discussed below.   

User Reporting Suspicious Message Settings in Teams Admin Center:

In the Teams admin center, the feature of reporting messages in Microsoft Teams is enabled by default for organizations. But, in case it is turned off, the admin has to turn it on to avail this feature. Most importantly, the Global administrator or Teams administrator can only configure this setting in the organization. 

Navigate to the path below for enabling user reporting messages in Teams admin center. 

Teams admin center 🡢Messaging 🡢Messaging policies 🡢Manage policies 🡢Global (Org-wide default) 🡢Report a security concern 

After navigating, toggle the “Report a security concern” bar to ‘On’ in your organization. 

Moreover, “Report a security concern” option is for the messages with security risks like consisting of spam, malware, or phishing. And for reporting threatening, harassing or inappropriate content which doesn’t abide by the Microsoft communication compliance, “Reporting inappropriate content” option should be toggled On.  

User Reporting of Teams Messages in Microsoft 365 Defender:

However, configuring user reporting of Microsoft Teams messages in Defender is essential to view the user-reported messages under the Submissions page. This setting is on by default for new tenants. On the other hand, existing tenants have to enable this setting for their organization. The Submissions page is used to analyze these users’ reported messages in Microsoft 365 and submit them to Microsoft for further analysis. 

Following the path below, enable reporting messages in Teams under Microsoft 365 Defender portal.  

Microsoft 365 Defender 🡢 Settings 🡢 Email & Collaboration 🡢 User Reported Settings 

Select the “Monitor reported messages in Microsoft Teams” checkbox under Microsoft Teams. And the reported message destination is configured as ‘Microsoft and my reporting mailbox’ by default for organizations created after March 1, 2023. One can configure the reported message destination settings as follows. 

• Microsoft only 
• My reporting mailbox only 
• Microsoft and my reporting mailbox 

Moreover, it’s highly recommended to submit reporting messages to Microsoft after an internal review. Since, Microsoft analyzes these reporting messages in Microsoft Teams to improve detection accuracy. Thus, it’s better to conduct an internal review before submitting user reported messages to Microsoft.  

Through this enabling, admins can identify the suspicious messages sneaked through their organization despite all restrictive policies. Since we have explored the ways of enabling ‘reporting messages in Teams’, now we shall see how to report a message in Teams from user end.  

How to Report a Suspicious Message in Teams? 

Cybersecurity attacks are increasingly sophisticated; thus, admins should educate their users on reporting messages that are of security concern or inappropriate content. So, let’s explore how to report a security risk message in Teams under this section. 

1. Firstly, to report a message select the “More Options” (three dots) button of that message. 
2. Next, select the “More actions” from the alternatives to choose “Report this Message” option. 

3. Then, a flyout page appears to confirm the reporting messages in Teams with the “Report” option. Also, one can mention the type of security risk that a message possesses like spam, phishing, malicious, or inappropriate content before reporting.  

Note: If the user-reported messages policy in communication compliance is not configured for your organization under Microsoft Purview, then the drop-down list to select the security risk type (spam, phishing, or malicious content) is not shown for users while reporting a message in Teams.   

The reported message along with the preceding five messages will be reviewed by an internal reviewer assigned by the organization. 

Furthermore, when a user reports a message and submit it to Microsoft, the message content, files, URLs, message headers, and everything related to the message are copied for continual algorithm review. Microsoft considers that as permission from your organization for enhancing the message hygiene algorithms. And the submissions are deleted by Microsoft soon after their requirement is unneeded. 

Things to Know When a User Report Suspicious Messages in Microsoft Teams 

• A user can report a message multiple times. 
• The reported messages are not notified to their respective senders. 
• The user in Teams client has visibility of user reported messages. 
• And an email notification is sent to the user who reported the message stating,  

“You have successfully reported a Teams message as a security risk.” 

• Finally, admins can customize these email notification elements in user-reported settings if the Teams integration is turned on in Microsoft 365 Defender portal. 

How to View the User Reported Messages in Microsoft 365? 

A dedicated space is provided by Microsoft 365 Defender reports to monitor Microsoft user reported messages. Admins can view the Microsoft 365 Defender user reported messages by navigating through the path below.  

Microsoft 365 Defender 🡢 Reports 🡢Email & collaboration 🡢Email & collaboration reports 🡢 User reported messages 

Effortlessly, admins can monitor reported messages in Microsoft Teams from here for further investigations. Admins can also monitor and decide whether these M365 user reported messages are either false positives or need serious attention from Microsoft.  

Reviewing Reported Teams Messages in Microsoft 365 

Besides monitoring in the Microsoft 365 Defender portal, these user-reported Teams messages can be efficiently reviewed under the User-reported messages policy in the Microsoft Purview Communication Compliance portal. The only setting you can configure in this user-reported message policy is assigning reviewers for the reported messages.  

However, the pending tab under user reported messages policy covers the user-reported messages including their summary, conversation, source, and user history to understand the issue better. Based on the investigation, the reviewer can remove the message from the chat.  

Important Note: The User-reported message policy is created by default for your organization, once after you create your first communication compliance policy. The user-reported messages policy will become available only 30 days after your first policy creation. 

In conclusion, reporting suspicious messages in Microsoft Teams is now a breeze – just a few clicks away! Whether it’s already enabled or quick admin action, we’ve got you covered! However, remember that the user reported messages in Office 365 play a crucial role in safeguarding your organization from various threats. 

Apart from user reporting messages in Microsoft Teams, reporting suspicious emails in Exchange Online, enabling reporting of suspicious MFA requests and configuring password spray attack detection are also essential measures to ensure your safety. Let’s keep all the spam, malware, phishing, and spoofing attacks at bay and maintain a highly protected environment. 

I hope this blog has made you understand message reporting in Microsoft Teams deeper and more straightforward. If you have any questions or want to share your experience, feel free to reach out to us through the comments section.  

Together, we can keep Teams a safe and secure space for everyone! Stay safe and happy collaborating!