Microsoft Teams Introduces Brand Impersonation Alerts During Calls

Microsoft plans to roll out new fraud protections in Teams calls, alerting users to external callers posing as trusted organisations in social engineering schemes. This is a step forward to counter voice-based phishing and social engineering in relation to brand impersonation protection for Microsoft Teams calls.

The new Teams security feature, called “Brand Impersonation Protection”, will be enabled by default and begin to roll out to the targeted release ring in mid-February.

Microsoft claims that before suspicious calls are answered, the function evaluates incoming VoIP calls from new external contacts for indications of brand impersonation and shows high-risk call alerts.

Although users have the option to accept, ban, or terminate reported calls, if suspicious signals continue throughout a conversation, these notifications may remain. These alerts are intended to stop social engineering assaults, in which con artists pretend to be reputable companies or governmental organisations in order to obtain private information or money from victims.

In a Microsoft 365 message centre update, Microsoft stated that brand impersonation protection for Teams Calling adds proactive safeguards against fraudulent or deceptive external callers who attempt to appear as trusted organisations. “When users get first-contact external calls, this enhances tenant security and lowers the risk of social engineering. This update is consistent with Microsoft’s continuous efforts in secure collaboration and caller identity protection.

The key feature of this new fraud protection for brand impersonation are 

• Real-Time Analysis: The system looks for signs of brand spoofing, like attempts to impersonate reputable companies or governmental organisations, in incoming VoIP calls from outside contacts.
• Visual Warnings: Before the user answers a call, high-risk call alarms will show up on their screen. If questionable activity persists throughout the chat, these warnings might remain.
• Automatic Deployment: No administrative action is needed to activate the feature, which will be activated by default for all Teams Calling-using organisations.
• User Options: Users have the option to accept, block, or cancel the call right away when a warning displays.

Microsoft urges users to prepare their support personnel for enquiries over the new alerts, even though the Brand Impersonation Protection function activates automatically and doesn’t require admin activities.

Additionally, IT departments should notify helpdesk teams that users may start receiving high-risk call notifications starting next month and update internal training materials.

Teams will automatically improve messaging security against harmful content by default in January by turning on weaponisable file type protection, malicious URL identification, and a mechanism for reporting false positives, as Microsoft previously revealed.

Additionally, Microsoft is getting ready to launch a new feature that alerts administrators to questionable traffic coming from outside domains.

Over 320 million individuals use Teams every month, as Microsoft disclosed at its 2024 Enterprise Connect conference.

The Timeline for Rollout (2026). The rollout for the “Targeted Release” users starts in mid-February, while in late February, the deployment is anticipated to be finished, and general availability will begin. 

There will be a future plan in March 2026 to further improve security; a “suspicious call reporting” tool will be part of it.

Suggestions for institutions are that Microsoft recommends that IT departments update training to educate staff members about the new high-risk alerts and provide internal training materials.

Also to prepare support staff on the need to make sure help desk workers are prepared to respond to enquiries about these automatic alerts.