The Teams message entity panel in Microsoft Defender for Office 365 Plan 2
Important
Some information in this article relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Similar to the The Email summary panel for email messages, Microsoft 365 organizations that have Microsoft Defender for Office 365 Plan 2 (add-on licenses or included in subscriptions like Microsoft 365 E5) have the Microsoft Teams message entity panel in the Microsoft Defender portal. The Teams message entity panel is a details flyout includes all Microsoft Teams data about suspicious or malicious chats, channels, and group chats on a single, actionable panel.
This article explains the information and actions on the Teams message entity panel.
Permissions and licensing for the Teams message entity panel
To use the Email entity page, you need to be assigned permissions. You have the following options:
- Email & collaboration permissions in the Microsoft Defender portal: Membership in the Global Administrator, Security Administrator, or Quarantine Administrator role groups.
- Microsoft Entra permissions: Membership these roles gives users the required permissions and permissions for other features in Microsoft 365:
- Full access: Membership in the Global Administrator or Security Administrator roles.
- Read-only access: Membership in the Global Reader or Security Reader roles.
Where to find the Teams message entity panel
There are no direct links to the Teams message entity panel from the top levels of the Defender portal. Instead, the Teams message entity panel is available in the following locations:
From the Quarantine page at https://security.microsoft.com/quarantine: Select the Teams message tab > select an entry by clicking anywhere in the row other than the check box. The details flyout that opens is the Teams message entity panel.
From the Submissions page at https://security.microsoft.com/reportsubmission:
- Select the Teams messages tab > select an entry by clicking anywhere in the row other than the check box.
- Select the User reported tab > select a Teams entry by clicking anywhere in the row other than the check box. You can filter the entries by selecting
Filter > Message type > Teams. The details flyout that opens is the Teams message entity panel.
What's on the Teams message entity panel
The following information is available at the top of the Teams message entity panel:
- The title of the flyout is the subject or the first 100 characters of the Teams message.
- The current message verdict.
- The number of links in the message.
- The actions that are available at the top of the flyout depend on where you opened the Teams message entity panel.
Tip
To see details about other Teams messages without leaving the Email summary panel of the current message, use 
Previous item and Next item at the top of the flyout.
The next sections in the Teams message entity panel depend on where you opened it:
- Quarantined Teams messages
- View Teams admin submission details
- View user reported Teams message details in Defender for Office 365 Plan 2
The rest of the Teams message entity panel contains the following information, regardless of where you opened it:
Message details section:
- Threats
- Message location
- Sender address
- Time received
- Detection tech
- Teams message ID: You can use this value as an identifier of a Teams message in Defender for Office 365.
Sender section:
- The sender's name and email address
- Domain
- External: The value Yes indicates the message was sent between an internal user and an external user.
One of the following sections, depending on whether the message if from a chat or a channel:
- Chat: The Participants section:
- Conversation type
- Chat name
- Name and email: Contains the name and email addresses of all of the participants (including the sender). If there are more than 10 participants, it also links to a secondary panel that lists all the participants in the chat at the time of the suspected threat.
- Channel: The Channel details section:
- Conversation type
- Conversation name: Contains the name of the channel.
- Name and email: Contains the name and address of the channel.
- Chat: The Participants section:
URLs section:
- Name and type Contains the URL from the Teams message.
- Threat
If the message has more than 10 URLs, select View all URLs to see all of them.
For more information
The Microsoft Defender for Office 365 Email Entity Page and how it works
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for