Enhanced Security Features Coming to Microsoft Teams in 2026

Microsoft Teams is set to introduce a new security feature that will allow security administrators to prevent external users from sending messages, calls, or meeting invitations to members of their organization. This feature is expected to start rolling out in early January and will be integrated with Defender for Office 365. Admins will be able to manage blocked external contacts through the Tenant Allow/Block List in the Microsoft Defender portal.

The update will work across the Defender XDR web portal and all Teams clients. It is important to note that existing domain blocks or federation configurations in the Teams admin center will not be affected by this update.

Before utilizing this feature, organizations must enable two settings in the Teams admin center, which are disabled by default: “Block specific users from communicating with people in my organization” and “Allow my security team to manage blocked domains and blocked users.”

Once these settings are enabled, security admins with Teams permissions will be able to add, delete, and view blocked external users and domains directly from the Defender portal. The system can support up to 4,000 blocked domains and 200 email addresses.

The new capability will be available to all organizations using Teams with Microsoft Defender for Office 365 Plan 1 or Plan 2 subscriptions. This centralized approach aims to enhance security and compliance by giving organizations control over external user access across Microsoft 365 services.

Microsoft has stated that the rollout of this feature will commence in early January 2026 and is expected to be completed by mid-January 2026. The primary purpose of this feature is to prevent cybercrime groups, including ransomware gangs, from exploiting Teams in social engineering attacks targeting employees.

Teams will also provide warnings to admins about suspicious traffic from external domains and will enhance messaging security by enabling malicious URL detection, protection against weaponizable file types, and a system for reporting false positives starting in January.

During the 2024 Enterprise Connect conference, Microsoft revealed that over 320 million people use Teams each month, highlighting the platform’s widespread adoption.

Broken IAM isn’t just an IT problem – the impact ripples across your whole business.

This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what “good” IAM looks like, and a simple checklist for building a scalable strategy.

Get the guide