Real-Time Safe Link Protection for Teams Messages

Now Generally Available for Microsoft Defender for Office 365 Customers

The July 27 announcement of the General Availability of Safe Links for Teams is a welcome development. What it means is that if your tenant has Microsoft Defender for Office 365, you can update your Safe Links policy to include real-time checking of links posted to Teams chats and channel conversations.

Licensing Requirements

Licensing Microsoft Defender for Office 365 can be a little confusing. Two plans are available, both of which build on Exchange Online Protection (EOP):

• Office 365 E3 and below have Exchange Online Protection. These tenants can license Defender for Office 365 plans as standalone options.
• Microsoft 365 Business Premium includes EOP and Defender for Office 365 Plan 1.
• Office 365 E5/A5 and Microsoft 365 E5 includes EOP and Defender for Office 365 Plan 2.

Microsoft sometimes refers to the “security ladder from EOP to Microsoft Defender for Office 365” as a way of describing how the features in the Defender plans build on what you get in Exchange Online Protection (Figure 1).

In this case, you need at least Microsoft Defender for Office 365 Plan 1 to use Safe Links protection for Teams.

Configuring Defender for Teams

The Safe Links policy is managed through the Policies & rules section of the Microsoft 365 security center. To edit the policy, open Threat policies and select Safe Links. The important change is to set Select the action for unknown or potentially malicious URLs within Microsoft Teams to On (Figure 2).

At the same time, you should review the other Safe Links policy settings to make sure that they’re what you want. Three important settings used to detect and protect against malicious links in email also apply to links in Teams messages:

• Apply real-time URL scanning for suspicious links and links that point to files. In other words, before sending a user to a site, check that the link is not dangerous. If it is, display a warning.
• Do not track user clicks. This setting is normally off and isn’t needed unless you want to track user clicks against links.
• Do not allow users to click through to original URL. If a user clicks on a dangerous link, they see a warning page (Figure 3). You don’t want to allow people to click through the warning to open the dangerous page, so make sure that this setting is on.

You can also see in Figure 2 that I’ve opted to use organization branding on the warning page. The branding used here (and shown in Figure 3) is taken from the tenant’s browser theme.

Usually, Teams calls the default browser to open a web link and that’s when Defender steps in to display the warning page. If a malicious link is used in a channel tab (which means that someone has created a web site tab for that link), Teams opens the warning page in the tab and doesn’t call the browser. If Defender passes the link as safe, Teams opens the page as normal.

Nice Extension into Teams

It’s good that Microsoft has extended Safe Links protection into Teams. Although I suspect that most bad links will continue to arrive in user mailboxes (if not detected and placed in quarantine by Exchange Online Protection), it’s entirely possible that some users will share problematic links through Teams chats or channel conversations. If they do, and your tenant has Defender for Office 365 with a properly configured Safe Links policy, those links will be blocked. What’s not to like about that?

---

Learn about protecting Office 365 by subscribing to the Office 365 for IT Pros eBook. Use our experience to understand what’s importance and how best to protect your tenant.