Microsoft is set to bolster the security of its Teams platform by introducing automatic warnings for malicious links shared in chat messages. This new feature, integrated into Microsoft Defender for Office 365, aims to shield users from phishing, spam, and malware threats by flagging potentially harmful URLs in both internal and external conversations.
Rollout Timeline and Platform Availability
The rollout of this security enhancement will commence with a public preview for enterprise customers in early September 2025. General availability is anticipated to be completed by mid-November 2025. The feature will be accessible across multiple platforms, including Microsoft Teams on desktop, web, Android, and iOS.
Mechanism of Malicious Link Detection
To address the escalating threat of phishing attacks within collaboration tools, Microsoft Teams will implement a warning system for messages containing URLs identified as malicious by its threat intelligence systems. These links will be scrutinized against Microsoft Defender’s threat intelligence and machine learning-based detection engines to assess their risk potential.
Upon receiving a message with a flagged URL, users will see a conspicuous warning banner within the chat, alerting them to the potential danger of the link. This proactive measure is designed to prevent users from inadvertently accessing harmful websites.
Sender Notifications and Link Re-evaluation
In addition to alerting recipients, the system will notify senders when a link they have shared is flagged as potentially harmful. This allows senders to edit or delete the message, thereby preventing the spread of malicious content.
A notable feature of this system is its ability to re-evaluate URLs even after message delivery. If a link is identified as malicious within 48 hours post-delivery, the system will retroactively apply a warning banner to the message. This process, known as Zero-hour auto purge (ZAP), ensures ongoing protection against evolving threats.
Integration with Existing Security Measures
This new warning system complements existing security features within the Microsoft 365 ecosystem. It works alongside Safe Links, a component of Microsoft Defender for Office 365 that provides time-of-click verification to protect users from malicious links. While Safe Links offers protection upon clicking a link, the new message warnings provide an earlier layer of defense by alerting users before they interact with the URL.
The feature also integrates with ZAP, which can block messages entirely. If ZAP is configured to block a message containing a known malicious URL, that action will take precedence over the warning banner. This layered approach creates a more robust defense against link-based threats that are increasingly common on collaboration platforms.
Administrative Controls and Deployment
The malicious URL protection feature will be enabled by default once it reaches general availability in November 2025. During the public preview period starting in September 2025, administrators will need to opt-in to activate the warnings.
IT administrators can manage the feature’s settings through the Teams Admin Center under “Messaging settings” or via PowerShell commands. This flexibility allows organizations to configure the protection to align with their specific security policies.
Admins are encouraged to review these settings, update any internal documentation, and inform their support teams about the new functionality to ensure a smooth rollout.
Significance of the Update
This update represents a significant advancement in securing the communications of over 320 million monthly active Teams users from sophisticated phishing campaigns. By proactively identifying and flagging malicious links, Microsoft aims to enhance user trust and safety within its collaboration platform.
