Microsoft Teams to add brand impersonation warnings to calls

Microsoft Teams will soon display automatic warnings when external callers attempt to impersonate trusted organizations during VoIP calls. The new 'Brand Impersonation Protection' feature, scheduled to begin rolling out to targeted release rings in mid-February 2026, represents a proactive defense against social engineering attacks that cost organizations billions annually.

How Brand Impersonation Protection Works

The feature analyzes incoming calls from first-time external contacts, checking for signs of brand impersonation before the call is answered. When suspicious signals are detected, Teams displays a high-risk call warning that persists throughout the conversation if the suspicious behavior continues.

Users retain full control over flagged calls with three options: accept the call despite the warning, block the caller entirely, or end the conversation. The system activates automatically without requiring administrative configuration, though Microsoft recommends organizations prepare their support staff for user questions about the new alerts.

This protection addresses a critical gap in communication security. Traditional spam filters handle email threats effectively, but voice-based social engineering attacks have become increasingly sophisticated. Attackers research their targets, spoof legitimate phone numbers, and use social cues to build trust before requesting sensitive information or financial transactions.

The Social Engineering Threat Landscape

Social engineering attacks via voice calls have evolved beyond simple robocalls. Modern attackers conduct reconnaissance using data from previous breaches, LinkedIn profiles, and company websites. They impersonate IT support, legal departments, vendor partners, or government agencies with increasing credibility.

The FBI's Internet Crime Complaint Center reported that business email compromise and voice-based scams resulted in over $2.7 billion in losses during 2023 alone. While Teams previously focused on securing messaging with malicious URL detection and file type protection, voice calls remained a vulnerable attack vector.

Brand Impersonation Protection adds another layer to Microsoft's identity security investments. The company has been strengthening Teams security defaults throughout 2024 and 2025, including malicious content detection and reporting systems for false positives.

Implementation and Administrative Preparation

Since the feature enables automatically, organizations should focus on user education rather than technical configuration:

Update Training Materials: Include examples of the new warning messages in security awareness training. Users need to understand that these warnings are legitimate security features, not system errors.

Prepare Helpdesk Teams: Support staff should be ready to explain why legitimate external partners might trigger warnings, particularly if they use VoIP systems that share characteristics with known attack patterns.

Review External Contact Policies: Organizations with frequent external caller interactions should document trusted partners and consider whether their communication patterns might trigger false positives.

Monitor Initial Rollout: IT administrators should track warning frequency during the first weeks after deployment to identify potential workflow disruptions or training gaps.

Broader Teams Security Enhancements

This release coincides with other Teams security improvements. Microsoft is simultaneously strengthening default messaging security by enabling malicious URL detection and weaponizable file type protection. The company is also developing features to warn administrators about suspicious traffic from external domains.

These updates reflect Microsoft's recognition that collaboration platforms have become primary attack surfaces. With over 320 million monthly active users reported during the 2024 Enterprise Connect conference, Teams represents a massive target for threat actors.

Practical Recommendations for Organizations

Communicate Early: Inform users about the upcoming changes before they encounter their first warning. This prevents confusion and maintains trust in the security system.

Establish Response Procedures: Create clear guidelines for handling flagged calls. Should users report them to security teams? Should certain departments (like finance) have different protocols?

Test Integration Points: If your organization uses Teams for customer-facing communications, verify that legitimate customer calls won't trigger warnings that damage business relationships.

Consider False Positive Scenarios: New vendors, contractors, or partners calling for the first time might trigger warnings. Document a process for quickly whitelisting legitimate new contacts.

Leverage Microsoft 365 Message Center: Subscribe to updates about this feature's rollout timeline and any adjustments to detection algorithms based on early feedback.

Looking Ahead

Brand Impersonation Protection represents a shift from reactive to proactive security in communication platforms. Rather than relying solely on user reporting or post-incident analysis, Teams now attempts to prevent successful social engineering attacks in real-time.

This approach aligns with Zero Trust principles that assume breach and verify every interaction. As attackers continue developing new techniques, expect similar protections to expand into video calls, meeting invitations, and file sharing workflows.

Organizations should view this as one component of a comprehensive security strategy. While automated warnings help, they work best alongside ongoing security awareness training, clear escalation procedures, and robust identity verification protocols for sensitive transactions.

The mid-February rollout gives administrators approximately four weeks to prepare their organizations. Organizations using targeted release rings will see the feature first, providing valuable feedback before broader deployment.

For more information about configuring Teams security features, administrators can consult the Microsoft 365 security documentation and the Teams security baseline resources.