Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Link Protection helps to safeguard users from malicious URLs shared in chats, channels, and meeting messages. This feature helps protect your organization from phishing and other link-based threats by automatically displaying warnings when potentially harmful links are detected in Teams conversations.
How Link Protection works in Teams
At a high level, here's how Link Protection works in Microsoft Teams:
- A user sends a message containing a URL in a chat, channel, or meeting conversation.
- Teams automatically scans the URL against threat intelligence databases to identify potentially malicious links.
- If a harmful link is detected, Teams displays clear warnings to both the sender and all recipients in the conversation.
User experience in Teams
Sender experience
When you send a message containing a potentially malicious URL, you can:
- See a clear warning that the shared link is flagged as potentially harmful.
- Receive detailed information about why the link was flagged (for R3 users) or a generic warning (for R4 users).
- Retain the ability to edit or delete the message if desired.
- Modify the message to remove or replace the problematic link.
Receiver experience
As a receiver, when someone sends you a message with a flagged URL, you can:
- See a clear warning before any interaction with the flagged link.
- Receive information about the potential threat to help make informed decisions.
- Choose whether to proceed with caution or avoid clicking the link entirely.
- Receive different levels of detail, depending on your Teams client version (R3 users see detailed explanations, R4 users see generic "This message was flagged" warnings).
External collaboration experience
When collaborating with users from external organizations, Malicious URL Protection in external conversations follows these rules:
If any participating organization in the conversation has URL protection enabled, it applies to everyone.
Warning messages display for all participants when any participating organization has turned on the feature.
Manage Malicious URL Protection in Teams
For new tenants this protection is included as part of Microsoft Teams baseline security posture. Administrators do not need to configure any setting to activate malicious URL protection.
For existing tenants that still display the setting, administrators can review or modify the configuration using the Teams admin center.
To enable Link Protection using the Teams Admin Center:
- Sign in to the Teams Admin Center at https://admin.teams.microsoft.com.
- In the left navigation, select Messaging settings.
- Scroll down to Messaging safety settings.
- Turn on the setting: Scan messages for unsafe URLs.
- Select Save to apply the changes.
Once enabled, all users in the tenant can have Link Protection applied to their Teams messages.
FAQs
What's the difference between this feature, Safe Links for Teams in Microsoft Defender for Office 365, and zero-hour auto purge (ZAP) for Teams in Microsoft Defender for Office 365 Plan 2?
Malicious URL protection:
- Is available for all Teams users as part of base protection.
- Doesn't block links on click.
- Adds warnings to messages to inform users about link reputation.
- Doesn't require additional licenses.
Safe Links:
- Blocks URLs at the time of click based on your Microsoft Defender portal settings
- Requires Microsoft Defender licenses
Zero-hour auto purge (ZAP):
Removes malicious URL and content entirely for internal messages.
Actions are based on your settings in the Microsoft Defender portal.
Requires Microsoft Defender for Office 365 Plan 2 license.
The differences are summarized in the following table:
Feature Malicious URL Protection Safe Links ZAP for Teams Availability All Teams users (base protection) Requires Defender for Office 365 Plan 1 or Plan 2 license. Requires Defender for Office 365 Plan 2. Action Displays warning Blocks on click. Removes content. Configuration Automatic Microsoft Defender portal. Microsoft Defender portal.