Teams message-extension for phish reporting #37

@jusso-dev

Why

Phishing increasingly moves into chat (Teams). Even where attackers send via email, internal users frequently forward suspicious messages into Teams channels rather than reporting them properly. A Teams message-extension lets users right-click any message and report it to the security team with one click, mirroring the Outlook add-in (#6) and Gmail add-on (filed alongside).

Scope

  • Teams app package under public/addins/teams/ (manifest.json + icons + assets).
  • Manifest schema https://developer.microsoft.com/en-us/json-schemas/teams/v1.17/MicrosoftTeams.schema.json.
  • composeExtensions.commands[].context: ["message"] action command that opens a small modal: "Report this message to security?".
  • POST to /api/addin/report (extending the existing schema with source: "teams", bodyText populated from the message text, and a synthesised subject like "Teams message from {sender} in {channel}").
  • May need a small adapter on the backend to normalise Teams' message identifier into the messageId field.
  • Settings → Integrations: install URL + admin-centre instructions.

Acceptance

  • App package validated with the Teams App Validation tool.
  • Sideloadable to a test tenant; ribbon entry visible on any chat or channel message.
  • Reporting creates a real_mail_reports row tagged source: "teams" (token-match path is not expected to fire for Teams traffic, but should still be safe to attempt).
  • Reporter identity sourced from the Teams SSO bot framework token.
  • Documented in README.md integrations section.

Notes

  • Follow-up to Outlook + Gmail + Teams phish-report add-in #6.
  • Teams compose-extensions have stricter auth than Outlook add-ins — likely requires registering an Azure AD app and validating the Teams JWT. Consider scoping a smaller v1 that just opens an adaptive card and posts to the existing endpoint with a Bearer token derived from Office365Connector or equivalent.
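
One way the backend adapter from the Scope list could map a Teams action payload onto the `/api/addin/report` fields (`source`, `messageId`, `subject`, `bodyText`). This is an added example, not code from this issue or repository: the function names, the length caps, the `teams:` prefix and the numeric-id check are assumptions, and the sample payload is constructed.

```javascript
// Added example (hypothetical adapter, not this repository's code): maps a Teams
// message-extension action payload onto the /api/addin/report body from the issue.
const MAX_BODY = 20000; // assumed cap; the issue does not specify one
const MAX_LABEL = 120;  // assumed cap for sender/channel inside the subject

// Display names are attacker-influenced: drop control characters and collapse
// whitespace so they cannot inject line breaks into the synthesised subject.
function cleanLabel(value, fallback) {
  const s = String(value ?? "").replace(/[\u0000-\u001f\u007f]/g, " ")
    .replace(/\s+/g, " ").trim().slice(0, MAX_LABEL);
  return s || fallback;
}

// Teams bodies arrive as HTML. Keep each link target next to its display text
// (analysts need the real URL), then strip tags. Result is text, escape on render.
function htmlToText(html) {
  return String(html ?? "")
    .replace(/<a\b[^>]*\bhref="([^"]*)"[^>]*>/gi, "[$1] ")
    .replace(/<(br|\/p|\/div)\s*\/?>/gi, "\n")
    .replace(/<[^>]*>/g, "")
    .replace(/&nbsp;/g, " ").replace(/&lt;/g, "<").replace(/&gt;/g, ">")
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'").replace(/&amp;/g, "&")
    .trim().slice(0, MAX_BODY);
}

// Reporter identity is deliberately NOT read from the payload; per the issue it
// must come from the validated Teams SSO token, which is outside this sketch.
function toReport(invokeValue, channelName) {
  const msg = invokeValue?.messagePayload;
  if (!msg || typeof msg.id !== "string" || !/^[0-9]{1,32}$/.test(msg.id)) {
    throw new Error("missing or malformed Teams message id"); // assumed id format
  }
  const raw = msg.body?.content;
  const bodyText = msg.body?.contentType === "html"
    ? htmlToText(raw) : String(raw ?? "").slice(0, MAX_BODY);
  const sender = cleanLabel(msg.from?.user?.displayName, "unknown sender");
  const channel = cleanLabel(channelName, "a chat");
  return {
    source: "teams",
    messageId: `teams:${msg.id}`, // prefix keeps Teams ids distinct from mail ids
    subject: `Teams message from ${sender} in ${channel}`,
    bodyText,
  };
}

// Constructed sample payload (not captured from a real tenant).
const SAMPLE = { messagePayload: { id: "1700000000000",
  from: { user: { displayName: "Pat\r\nExample" } },
  body: { contentType: "html", content:
    '<p>Reset your password at <a href="https://example.invalid/x">this link</a>&nbsp;now &amp; confirm</p>' } } };
```

`toReport(SAMPLE, "General")` returns a body ready to POST; the caller attaches the reporter identity after token validation.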
