Microsoft is rolling out a new layer of protection for Teams Calling, targeting a growing threat vector: brand impersonation via VoIP calls. The feature is designed to alert users when incoming calls from external, first-time contacts show signs of impersonating trusted organizations.
While general availability is still to be determined, Microsoft will roll out the feature in a targeted release in mid-May.
At a high level, the feature introduces real-time risk detection for inbound calls, surfacing warnings before a user even answers. Microsoftβs update aims to reduce the effectiveness of these social engineering tactics without disrupting the user experience.
How the Impersonation Detection Works
The new capability focuses specifically on inbound VoIP calls from external callers who have not previously interacted with the recipient. These βfirst-contactβ scenarios are considered higher risk, as there is no established trust relationship or call history to validate legitimacy.
Microsoft evaluates these calls using a range of signals associated with brand impersonation. When a call is flagged as high risk, users will see a warning before answering. This gives employees an opportunity to pause and assess whether the call is legitimate rather than reacting under pressure, a common tactic used in social engineering attacks.
If suspicious signals persist during the conversation, additional warnings will continue to surface throughout the call. Importantly, users retain full control. They can choose to accept, reject, or terminate the call at any point. The feature is enabled by default across tenants and requires no administrative configuration, lowering the barrier to adoption and ensuring consistent baseline protection.
Expanding Teams Security Posture
This update is part of a broader effort by Microsoft to strengthen voice security across the Teams ecosystem, particularly as attackers diversify their methods. Voice has historically been a weaker link compared to email and messaging, where mature filtering and detection systems already exist.
Earlier this year, Microsoft introduced a call reporting feature for Teams. This allows users to flag suspicious or unwanted calls directly from their call history, creating a feedback loop that improves threat visibility and detection over time. It also empowers users to play a more active role in identifying potential threats.
Together, these updates point to a more integrated approach to UC security. Rather than treating voice, chat, and meetings as separate domains, Microsoft is moving toward a unified model where signals and protections span the entire platform.
What It Means for Enterprises
For organizations using Teams Calling, the rollout is designed to be seamless. The feature will apply automatically to environments that receive inbound VoIP calls from external, first-time callers, with no changes required to existing policies or configurations.
However, Microsoft is advising IT teams to prepare for the user-facing impact. Help desk staff should be aware that employees may start seeing high-risk call warnings, and internal training materials may need updating to reflect the new experience. This is particularly relevant for organizations that already include Teams security in employee awareness programs.
Looking ahead, this update underscores that as voice phishing continues to rise, enterprises will need built-in protections that operate in real time without relying solely on user judgment. Microsoftβs latest move is a step in that direction, signaling that voice security is becoming a core requirement of modern collaboration tools.
