For years, enterprise telephony operated under a comfortable assumption:
if the call came through the platform, it was trusted by default.

With the introduction of Brand Impersonation Protection for Teams Calling, Microsoft is warning users before they answer a call. This is due to the attack pattern changed.

Attackers no longer rely only on email or chat.
They are now using real-time calls inside collaboration platforms to:

• impersonate trusted brands
• pose as internal IT or support teams
• pressure users in the moment
• bypass traditional security controls

Microsoft is explicitly acknowledging that first-contact external calls have become an effective social‑engineering vector.

---

What Microsoft announced

According to Message Center MC1219793, Microsoft is rolling out a protection that:

• evaluates inbound first‑contact external calls
• detects signals associated with brand impersonation
• displays high‑risk warnings before the user answers
• can persist during the call if risk signals remain
• is enabled by default
• does not modify existing Teams Calling policies

---

What this does NOT solve

To stay grounded, it’s important to be clear about the limits:

• it does not eliminate fraud
• it does not replace user awareness
• it does not remove the need for internal processes
• it does not make Teams Calling “secure by default”

This is a defensive layer, not a silver bullet.

---

Microsoft is not saying Teams is insecure.
It’s saying the environment has changed.