Phishing is one of the most common and easiest ways a cybercriminal can infiltrate your operations. If a naïve employee of yours just happens to click a link that looks close enough to a legitimate website, your business could be breached in a matter of seconds. Microsoft has added another layer of cybersecurity to protect against fishing in Microsoft Teams known as Safe Links. 

This new Microsoft Teams feature is powered by Microsoft Defender for Office 365. It works by scanning a URL once it is clicked in Teams to make sure it is legitimate and trusted. 

Safe Links has already detected almost 2 million distinct URL-based payloads that attackers create to orchestrate credential phishing campaigns.  

Users enable or disable Safe Links protection for Microsoft Teams in Safe Links policies. Specifically, us use the Select the actin for unknown or potentially malicious URLs within Microsoft Teams settings. The recommend value is On.  

The following Safe Links policies that apply to links in email messages also apply to links in Teams: 

  • Apply real-time URL scanning for suspicious links and links that point to files; 
  • Do not track user clicks; and 
  • Do not allow users to click through original URL. 

After turning on Safe Links protection for Microsoft Teams, URLs in Teams are checked against a list of known malicious links when the protected user clicks the link (time-of-click protection). URLs are not rewritten. If a link is found to be malicious, users will have the following experiences: 

  • If the link was clicked in a Teams conversation, group chat or from channels, the warning page as shown is the screenshot below will appear in the default web browser. 
  • If the link was clicked from a pinned tab, the warning page will appear in the Teams interface within that tab. The option to open the link in a web browser is disabled for security reasons. 
  • Depending on how the “Do not allow users to click through to original URL” setting in the policy is configured, the user will or will not be allowed to click through to the original URL. Microsoft recommends you enable the “Do not allow users to click through to the original URL” setting so users can’t click through to the original URL.  

2W Tech is a technology service provider specializing in solutions for the manufacturing industry.  We are also a Microsoft Gold Partner and would be happy to introduce Microsoft 365 and Microsoft Teams to your business. Give us a call today to get started. 

Read More:

Multi-factor Authentication is a Powerful Tool Against Cyberattacks

Getting Ready for the Windows 11 Upgrade

Back to IT News