Microsoft is rolling out a series of new-ish security features across Microsoft 365 in 2026 — and these updates are no accident. They’re direct responses to how attackers are exploiting collaboration tools like Teams, Slack, Zoom, and Google Chat. In this episode, Sherri and Matt break down the five features that matter most, why they’re happening now, and how every organization can benefit from these lessons, even if you’re not a Microsoft shop.

We explore the rise of impersonation attacks inside collaboration platforms, the security implications of AI copilots like Microsoft Copilot and Gemini, and why identity boundaries and data governance are quickly becoming foundational to modern security programs. You’ll come away with a clear understanding of what these new-ish Microsoft features signal about the evolving threat landscape — and practical steps you can take today to strengthen your security posture.

Key Takeaways

1. Treat collaboration platforms as high-risk communication channels. Attackers increasingly use Teams, Slack, Zoom, and similar tools to impersonate coworkers or support staff, and organizations should help employees verify unexpected contacts just as rigorously as they verify email.
2. Make it easy for users to report suspicious activity. Whether or not your platform offers a built-in reporting feature like Microsoft’s suspicious-call button, employees need a simple, well-understood way to escalate strange messages or calls inside collaboration tools.
3. Monitor external collaboration for anomalies. Microsoft’s new anomaly report highlights a growing need across all ecosystems to watch for unexpected domains, unusual activity patterns, and impersonation attempts that occur through external collaboration channels.
4. Classify and label sensitive data before enabling AI assistants. AI tools such as Copilot, Gemini, and Slack GPT inherit user permissions and may access far more information than intended if organizations haven’t established clear sensitivity labels and access boundaries.
5. Enforce identity and tenant boundaries to limit data leakage. Features like Tenant Restrictions v2 demonstrate the importance of restricting where users can authenticate and ensuring that corporate data stays within approved environments.
6. Update security training to reflect collaboration-era social engineering. Modern attacks frequently occur through chat messages, impersonated vendor accounts, malicious external domains, or voice/video calls, and training must evolve beyond traditional email-focused programs.

Please follow our podcast for the latest cybersecurity advice, and visit us at www.LMGsecurity.com if you need help with technical testing, cybersecurity consulting, and training!

Resources Mentioned

• Microsoft 365: Advancing Microsoft 365 – New Capabilities and Pricing Update: https://www.microsoft.com/en-us/microsoft-365/blog/2025/12/04/advancing-microsoft-365-new-capabilities-and-pricing-update/

• Microsoft 365 Roadmap – Suspicious Call Reporting (ID 536573): https://www.microsoft.com/en-us/microsoft-365/roadmap?id=536573

• Check Point Research: Exploiting Trust in Microsoft Teams: https://blog.checkpoint.com/research/exploiting-trust-in-collaboration-microsoft-teams-vulnerabilities-uncovered/
• Phishing Susceptibility Study (arXiv): https://arxiv.org/abs/2510.27298
  
• LMG Security Video: Email Bombing & IT Helpdesk Spoofing Attacks—How to Stop Them: https://www.lmgsecurity.com/videos/email-bombing-it-helpdesk-spoofing-attacks-how-to-stop-them/