Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Note
The feature 'Malicious URL Protection' is in Public preview.
Link Protection helps to safeguard users from malicious URLs shared in chats, channels, and meeting messages. This feature helps protect your organization from phishing and other link-based threats by automatically displaying warnings when potentially harmful links are detected in Teams conversations.
How Link Protection works in Teams
At a high level, here's how Link Protection works in Microsoft Teams:
- A user sends a message containing a URL in a chat, channel, or meeting conversation.
- Teams automatically scans the URL against threat intelligence databases to identify potentially malicious links.
- If a harmful link is detected, Teams displays clear warnings to both the sender and all recipients in the conversation.
User experience in Teams
Sender experience
When you send a message containing a potentially malicious URL, you can:
- See a clear warning that the shared link is flagged as potentially harmful.
- Receive detailed information about why the link was flagged (for R3 users) or a generic warning (for R4 users).
- Retain the ability to edit or delete the message if desired.
- Modify the message to remove or replace the problematic link.
Receiver experience
As a receiver, when someone sends you a message with a flagged URL, you can:
- See a clear warning before any interaction with the flagged link.
- Receive information about the potential threat to help make informed decisions.
- Choose whether to proceed with caution or avoid clicking the link entirely.
- Receive different levels of detail, depending on your Teams client version (R3 users see detailed explanations, R4 users see generic "This message was flagged" warnings).
External collaboration experience
When collaborating with users from external organizations, Malicious URL Protection in external conversations follows these rules:
If any participating organization in the conversation has URL protection enabled, it applies to everyone.
Warning messages display for all participants when any participating organization has turned on the feature.
Note
This applies to general availability release. Preview release requires all participants to enable the setting for it to work in external collaboration.
Turn off or turn on Link Protection through Teams Admin Center
To enable Link Protection using the Teams Admin Center:
- Sign in to the Teams Admin Center at https://admin.teams.microsoft.com.
- In the left navigation, select Messaging settings.
- Scroll down to Messaging safety settings.
- Turn on the setting: Scan messages for unsafe URLs.
- Select Save to apply the changes.
Once enabled, all users in the tenant can have Link Protection applied to their Teams messages.
Turn off or turn on Link Protection through PowerShell
You can also configure Link Protection using PowerShell with the Teams module:
Set-CsTeamsMessagingConfiguration -UrlReputationCheck "Enabled" -Identity Global
FAQs
- What's the difference between this feature, Safe Links for Teams in Microsoft Defender for Office 365, and zero-hour auto purge (ZAP) for Teams in Microsoft Defender for Office 365 Plan 2?
- Malicious URL protection:
- Is available for all Teams users as part of base protection.
- Doesn't block links on click.
- Adds warnings to messages to inform users about link reputation.
- Doesn't require additional licenses.
- Safe Links:
- Blocks URLs at the time of click based on your Microsoft Defender portal settings
- Requires Microsoft Defender licenses
- Zero-hour auto purge (ZAP):
- Removes malicious URL and content entirely.
- Actions are based on your settings in the Microsoft Defender portal.
- Requires Microsoft Defender for Office 365 Plan 2 license.
The differences are summarized in the following table:
| Feature | Malicious URL Protection | Safe Links | ZAP for Teams |
|---|---|---|---|
| Availability | All Teams users (base protection) | Requires Defender for Office 365 Plan 1 or Plan 2 license. | Requires Defender for Office 365 Plan 2. |
| Action | Displays warning | Blocks on click. | Removes content. |
| Configuration | Automatic | Microsoft Defender portal. | Microsoft Defender portal. |