During RSA Conference 2026, Microsoft confirmed an important shift in how it is approaching security in Microsoft Teams: enterprise voice (Teams Calling) is now explicitly included in the Microsoft Defender protection model.
This announcement marks a turning point for Unified Communications and security administrators, as it formally acknowledges something that until recently was a blind spot: calls inside collaboration platforms have become a real vector for social‑engineering attacks.
Microsoft stated that Microsoft Defender is expanding its capabilities to cover calling scenarios in Microsoft Teams, with a specific focus on impersonation and voice‑based fraud attacks (vishing).
The goal is clear: to protect users and give security teams visibility while the attack is happening, not only after the fact.
Key points highlighted in the announcement include:
- Detection and protection against suspicious calls in Teams Calling
- Real‑time risk signals, not just post‑incident reports
- Forensic visibility for SOC teams
- Voice signals integrated into Microsoft Defender investigation workflows
Why Microsoft is making this move now
Microsoft was explicit about the context behind the announcement: email is no longer the only front door for attacks.
Attackers are increasingly shifting toward:
- collaboration platforms
- real‑time communication channels
- environments where trust is implicit
In particular, Microsoft Teams calls have become attractive because they allow attackers to:
- apply pressure in real time
- adapt their narrative dynamically
- bypass traditional email‑ and file‑based security controls
Microsoft refers to this shift as “the new front door of attacks”, a new entry point that was not sufficiently covered by traditional security models.
With this announcement, Microsoft makes its position clear:
- Teams Calling is no longer treated as just a communication service
- Voice is now recognized as a security attack surface
- Calls can generate security signals, not only operational logs
- Microsoft Defender can help detect, investigate, and respond to voice‑based impersonation attempts
This represents an important conceptual shift: telephony is no longer invisible to security tooling.
What this means for UC administrators
For Unified Communications administrators, this announcement changes the context:
- Calls are no longer only about quality or user experience
- They can become security events
- UC now shares responsibility with security and SOC teams
- Teams Phone becomes part of risk discussions, not just operations
Even with new Defender capabilities, the UC admin role remains critical, especially for:
- coordination with security teams
- understanding calling flows and context
- communicating changes and expectations to end users

