Microsoft to enhance security for its Teams platform by automatically warning users about malicious links in chat messages.
The new feature, part of Microsoft Defender for Office 365, is designed to protect users from phishing, spam, and malware attacks by flagging potentially harmful URLs shared in both internal and external conversations.
The update will begin rolling out in a public preview for enterprise customers in early September 2025, with worldwide general availability expected to be complete by mid-November 2025.
The feature will be available for Microsoft Teams on desktop, web, Android, and iOS platforms.
Enhanced Protection Against Malicious Links
To combat the growing threat of phishing attacks within collaboration tools, Microsoft Teams will display a warning banner on any message containing a URL that its threat intelligence systems identify as malicious.
The system scans links against Microsoft Defender’s threat intelligence and machine learning-based detection engines to determine if they pose a risk.
When a user receives a message with a flagged URL, a clear warning will appear directly within the chat, alerting them that the link may be unsafe.
This warning system also informs the sender that a link they shared has been flagged as potentially harmful, allowing them to edit or delete the message.
A key aspect of this feature is its ability to re-evaluate URLs even after a message has been delivered.
Suppose a link is identified as malicious up to 48 hours post-delivery. In that case, the system will retroactively apply a warning banner to the message, a process known as Zero-hour auto purge (ZAP).
This new warning system complements existing security measures within the Microsoft 365 ecosystem. It works alongside Safe Links, a feature in Microsoft Defender for Office 365 that provides time-of-click verification to protect users from malicious links.
While Safe Links offers protection upon clicking a link, the new message warnings provide an earlier layer of defense by alerting users before they interact with the URL.
The feature also integrates with ZAP, which can block messages entirely. If ZAP is configured to block a message containing a known malicious URL, that action will take precedence over the warning banner.
For organizations, this layered approach creates a more robust defense against link-based threats that are increasingly common on collaboration platforms.
The malicious URL protection feature will be enabled by default once it reaches general availability in November 2025. During the public preview period starting in September 2025, administrators will need to opt-in to activate the warnings.
IT administrators can manage the feature’s settings through the Teams Admin Center under “Messaging settings” or via PowerShell commands. This allows organizations to configure the protection to fit their specific security policies.
Admins are encouraged to review these settings, update any internal documentation, and inform their support teams about the new functionality to ensure a smooth rollout.
This update is a significant step in securing the communications of over 320 million monthly active Teams users from sophisticated phishing campaigns.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Source link
