Microsoft is expanding its security arsenal with a new call reporting capability coming to Teams this spring.
The feature, set to arrive for Targeted Release customers in mid-March, will allow users to flag suspicious or unwanted calls directly from their call history—a straightforward response to what the company identifies as a significant gap in current threat visibility.
“Currently, users have no simple way to report suspicious calls, leaving organizations without visibility into these threats and without clear guidance on how users should respond,”
Microsoft said in a message center update.
By late April, the functionality will reach general availability worldwide, giving organizations a simple mechanism to surface potential scams and phishing attempts that often go unreported.
This move represents another layer in Microsoft’s broader effort to harden Teams against increasingly sophisticated social engineering tactics, particularly as threat actors explore alternatives to text-based attacks that are easier for security systems to analyze and block.
Visibility Where It Matters Most
The reporting process is designed for simplicity. Users will find a “Report a Call” option under “More options” in their Teams call history for one-to-one calls on Windows, Mac, and web platforms.
When someone flags a call as suspicious, limited metadata such as timestamps, call duration, caller ID information, and participant Teams IDs get shared with both the organization and Microsoft.
The feature will be enabled by default across Teams deployments. Administrators who prefer to disable it can toggle off “Report a Call” in the Teams Admin Center under calling settings.
The real value of this feature lies in what happens after users submit reports. Organizations with Defender for Office 365 licenses (Plan 1 or Plan 2) or Defender XDR can access detailed reports through the Microsoft Defender portal, giving security teams granular visibility into potential threats targeting their workforce. For organizations without Defender licenses, basic submission data will be available in the Teams Admin Center under Protection Reports, ensuring that even smaller deployments without premium security subscriptions can track patterns and respond to emerging threats.
Cybersecurity company eSentire’s latest threat research found that voice phishing is on the rise, with a shocking 72% success rate in many instances.
This new reporting function could help both Microsoft and businesses respond more effectively to this surge, providing a feedback mechanism that tracks the threat landscape and its evolution.
The Rise of Self-Reporting in Microsoft’s Security Strategy
This call reporting feature arrives as part of a broader pattern in Microsoft’s security updates: the company is increasingly building self-reporting mechanisms into its products to complement its expanding security layers.
In November, Microsoft introduced a Teams feature allowing users to report false-positive threat alerts for messages incorrectly flagged as malicious.
In January 2026, Microsoft also made several critical security configurations default, including protection against weaponized file types, malicious URL detection, and a system for reporting false positives that went live on January 12.
Algorithms that aggressively flag potential threats will inevitably produce false positives. Giving users an easy way to report these mistakes helps fine-tune detection systems over time.
As attackers adopt new methods to bypass traditional firewalls—such as using voice-based attacks—Microsoft’s approach of enlisting users as active participants in threat detection directly addresses this reality. Security teams gain visibility into attack patterns that might otherwise remain hidden, while the collected metadata helps train detection systems to recognize suspicious calling behaviors.
Building Defenses Against Social Engineering
The new call reporting capability doesn’t exist in isolation. Microsoft recently announced fraud protection features for Teams calls rolling out in mid-February, designed to warn users when external callers attempt to impersonate trusted organizations.
Together, these features show Microsoft responding to well-documented tactics from sophisticated threat actors.
Ransomware groups have been observed creating Teams accounts to contact target organizations directly, often impersonating IT support, vendors, or partners to extract credentials or convince employees to take actions that compromise security.
By giving both automated systems and human users tools to identify and report these attempts, Microsoft is building overlapping layers of defense that make such attacks increasingly difficult to execute successfully.
For enterprises, the combination of user reporting, automated fraud detection, and administrative controls supports a more resilient security posture—one that acknowledges determined attackers will continue to innovate, and that effective defense requires both technology and informed, empowered users working together.
