Microsoft has named these security features “Collaboration Security” and has launched a public preview of them. This toolkit is only available to customers with Microsoft E5, Microsoft E5 Security, or Microsoft Defender licenses for Office 365.

Because so many people share sensitive and business-critical information via files and messages in Teams, Microsoft has also decided to bring security mechanisms that protect your email environment into Teams. All of these capabilities for detecting and responding to security threats in Teams will be combined in Microsoft 365 Defender to allow association with security signals from other endpoints.

Teams users will also be able to report suspicious messages directly in Teams, which will be forwarded to security teams in Microsoft Defender 365. Microsoft will improve this process by collecting user reports so that cybersecurity teams can review it effectively.

Likewise, zero auto-clean (ZAP) is sent to Teams. It scans messages for signs of malicious content after they’re delivered, and quarantines them immediately if it detects anything problematic. It then starts a full scan of the Teams environment and performs a large-scale quarantine to determine if it has been compromised. Security teams can customize this behavior according to their preferences.

To further increase resilience to cyber attacks, Microsoft also implements advanced search and attack simulations, as described below:

To enable SecOps with proactive threat detection tools, Microsoft is adding the advanced detection capabilities available in Microsoft 365 Defender to support Teams security. Advanced Search is a query-based threat detection tool that lets you explore 30 days of raw data. You can proactively scan events in Teams to find indicators of threats and presence using KQL for guided search or custom queries using the query builder. Flexible data access enables SecOps teams to search and correlate data in email, endpoints, identity, SaaS and DLP applications, providing unlimited searches for both known and potential threats in a single query.

At Microsoft, we know firsthand that an effective security strategy requires the active participation of end users from day one. That’s why we include attack simulations and training tools to encourage education, awareness, and risk assessment for Microsoft Teams users. To further increase the effectiveness of these tools, security teams have advanced analytics and insights into the most common types of attacks seen in your organization’s Microsoft Teams environment and can tailor simulations and training to address specific knowledge gaps.

Finally, it’s important to understand that Collaboration Security is an extension of Microsoft Defender 365, not Teams. Therefore, it will be available if appropriately licensed customers choose to use it, as described in the various detection and response methods described above. While Collaboration Security is currently available in public preview, the timing of general availability has yet to be announced.