Microsoft is rolling out a new security feature in Teams aimed at protecting users from scam calls where attackers impersonate to represent trusted organizations such as banks, government agencies, or well-known companies.
The feature, called Brand Impersonation Protection, aims to stop social engineering attacks that increasingly rely on voice calls rather than email. It will introduce clear warnings during Teams calls when the system detects signs that an external caller may be impersonating a legitimate brand.
How The New Protection Works
Brand Impersonation Protection focuses on first-time external VoIP calls. When an unknown external caller reaches out, Teams will analyze call signals for patterns commonly linked to brand impersonation scams.
If the system detects a high level of risk, users will see a high-risk warning before answering the call. At that point, users can choose to accept, block, or end the call. If suspicious behaviour continues after the call is answered, the warning may remain visible throughout the conversation, reminding users to stay alert.
Microsoft says the goal is to prevent scammers from pressuring employees into sharing sensitive information or transferring money by pretending to represent legitimate organizations.
“Brand Impersonation Protection for Teams Calling adds proactive safeguards against fraudulent or deceptive external callers who attempt to appear as trusted organizations,” Microsoft said in a Microsoft 365 message center update.
“This helps reduce social-engineering risks and improves tenant security when users receive first-contact external calls. This update aligns with Microsoft’s ongoing investments in caller identity protection and secure collaboration.”
Enabled Automatically, But IT Teams Should Prepare
The new feature does not require any configuration or action from administrators. It will activate automatically once it rolls out to an organization.
However, Microsoft recommends that organizations prepare their IT support and helpdesk teams ahead of the rollout. Users may have questions when they begin seeing high-risk call alerts, and Microsoft advises organizations to update internal training materials so employees understand how to respond to the warnings.
However, the Redmond giant recommends that IT departments prepare helpdesk and support teams ahead of the rollout. Users may have questions when they begin seeing high-risk call alerts, and Microsoft advises organizations to update their internal training materials so employees understand how to respond to the warnings.
Part Of A Broader Security Push
Brand Impersonation Protection is part of Microsoft’s broader effort to enhance Teams’ security against modern cyber threats. Earlier this year, Microsoft began strengthening messaging security by default, including protections against malicious links, dangerous file types, and tools for reporting false positives. The company is also working on new alerts for administrators to flag suspicious traffic from external domains.
With more than 320 million monthly users, Teams has become an attractive target for attackers. Â The company states that these updates reflect its ongoing investment in caller identity protection and secure collaboration across its platforms.
Microsoft says the rollout will begin in mid-February for users in the Targeted Release program, and the feature will be enabled by default after testing is complete.
