Microsoft has extended Defender for Office 365 Safe Links protection to Microsoft Teams to safeguard users from malicious URL-based phishing attacks.

Safe Links is a feature in Defender for Office 365 (previously known as Office 365 Advanced Threat Protection) that provides URL scanning and “time-of-click verification” of URLs and links in email messages, groups, and other locations.

Using Safe Links can help protect enterprise organizations from malicious links sent by threat actors behind phishing attempts and other attacks.

This added protection couldn’t have come at a better time, seeing that, based on Microsoft’s stats, the Microsoft Teams userbase has exploded over the last 18 months since the start of the pandemic and the quick switch to remote work.

Microsoft Defender for Office 365 Safe Links
Image: Microsoft

Available for all Teams users

“With today’s announcement, organizations with Microsoft Defender for Office 365 can further protect Microsoft Teams users from malicious phishing attacks that are often orchestrated using weaponized URLs,” Microsoft said.

“Safe Links in Defender for Office 365 scans URLs at the time of click to ensure that users are protected with the latest intelligence from Microsoft Defender.”

The newly Safe Links protection is now generally available to all Teams users, and it works for links in conversations, group chats, and Teams channels.

Since there is no Safe Links policy enabled by default, you will have to create one or more policies to get the protection of Safe Links in Microsoft Teams.

To configure Safe Links to protect your Microsoft Teams users, set up a Safe Links policy in the Microsoft 365 Defender portal.

More information about configuring Safe Links policies for various Office 365 tools, including Microsoft Teams, is available on Microsoft’s documentation portal.

Microsoft has also enhanced Exchange Online phishing protection capabilities in March by adding support for external email message tags, which automatically marks all messages received from external senders.

Office 365 was also updated with protection against downgrade and man-in-the-middle (MITM) attacks with the inclusion of SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online.

Microsoft is also working on including support for the DNSSEC (Domain Name System Security Extensions) and DANE for SMTP (DNS-based Authentication of Named Entities) to Office 365 Exchange Online for tampering protection and secure email transport.

“The first phase will include only outbound support (mail sent outbound from Exchange Online) and we aim to enable this by the end of the calendar year 2020,” the company explained.

“The second phase will add inbound support for Exchange Online and we plan to enable that by the end of 2021.”