April 2, 2023

Microsoft has extended the phishing protection offered by Microsoft Defender for Office 365’s Safe Links feature to Microsoft Teams. Safe Links provides time-of-click verification of URLs. This process entails scanning URLs for potentially malicious content and again evaluating them when they are clicked on by a user.

Remote working fueled the usage of online collaboration tool. In March 2020, Microsoft Teams hit 44 million daily users. In April 2020, the number surpassed 75 million, and this wide pool of potential targets has not gone unnoticed by phishers. In April 2021, usage surpassed 145 million a day.

phishing Microsoft Teams

Microsoft announced that the Safe Links feature will now be available for Microsoft Teams if the customers also use Microsoft Defender for Office 365.

Safe Links has been a critical feature in Defender for Office 365 and Microsoft’s detonation systems “detect close to 2 million distinct URL-based payloads that attackers create to orchestrate credential phishing campaigns”.

At the time the email is received by your organization, the link appears to be harmless, and so the mail is delivered. With time of click inspection, however, Safe Links would have checked the link on delivery, and ensured that whenever the link is clicked it is redirected and inspected. If the link is malicious, the user is prevented from accessing the site, and if the link is harmless, the user is allowed to continue.”

Such links may also be sent via conversations, group chats, and channels in Microsoft Teams, as well as included in documents shared via those. To use Safe Links, enterprise admins must configure a Safe Links policy in the Microsoft 365 Defender portal.

1 thought on “Microsoft Extends Phishing Protection to Teams

  1. After going over a few of the articles on your website, I seriously like your technique of writing a blog. I added it to my bookmark site list and will be checking back soon. Please check out my web site as well and let me know what you think.

Leave a Reply

%d bloggers like this: