September 13, 2025

Malicious URL Protection in Microsoft Teams (Preview): What it is, how it works, and how to turn it on

Phishing remains one of the most common and effective attack vectors, and attackers increasingly exploit collaboration platforms like Microsoft Teams. To help reduce this risk, Microsoft has introduced Link Protection in Teams (currently in preview).

This feature automatically scans URLs sent in chats, channels, or meeting conversations, warns senders if they include a suspicious link, and alerts recipients before they click. It’s a valuable new capability — but it is not a replacement for Microsoft Defender Safe Links. Instead, it works best alongside Safe Links as part of a layered defense strategy.

How Link Protection Works in Teams

  1. A user sends a message containing a URL.

  2. Teams checks the URL in real time against Microsoft’s threat intelligence.

  3. If the link is suspicious or malicious, warnings are shown to the sender and all recipients.

  4. Depending on client version:

    • R3 clients show more detailed warnings.

    • R4 clients show generic warnings.

Step-by-Step: Enable Link Protection in Teams

You can turn this feature on directly in the Teams admin center:

  1. Sign in to the Teams admin center.

  2. Go to Messaging settings.

  3. Scroll to Messaging safety settings.

  4. Enable Scan messages for unsafe URLs.

  5. Select Save.

Or via PowerShell:

Set-CsTeamsMessagingConfiguration -UrlReputationCheck "Enabled" -Identity Global

Requirements and Scope

  • Availability: Part of the base Teams protection, available for all users (no special licensing noted in the preview).

  • Scope: Applies to messages in chats, channels, and meeting conversations.

  • Differences:

    • Link Protection = warns users, does not block or remove content.

    • Safe Links = enforces blocking at time of click (Defender policy driven).

    • ZAP for Teams = removes unsafe messages/content based on Defender settings.


My Technical Experience: Why Safe Links Is Still Essential

From working with enterprise environments, I can say with confidence: you must run both Link Protection and Safe Links.

Here’s the distinction I’ve observed:

  • Link Protection: Works inside Teams conversations to highlight suspicious URLs as soon as they appear. Great for raising user awareness.

  • Safe Links: Rewrites URLs and checks them at time of click. This is critical for detecting links that were benign when sent but later weaponized.

In real-world phishing tests I ran, Link Protection showed a warning but the link was still clickable. Only Safe Links actually blocked the redirection to a credential harvesting site.

Best Practices I Recommend

  • Always enable Link Protection in the Teams admin center.

  • Keep Safe Links enabled in Microsoft Defender for Office 365 — it is your real enforcement layer.

  • Test both features across Teams client versions (R3 vs. R4) to understand how users experience the warnings.

  • Use Defender reporting to validate whether flagged links are being clicked and if Safe Links is stepping in.
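
To confirm that both layers are actually switched on, the read-only audit below checks the Teams setting from the PowerShell step above and the Teams switch on each Safe Links policy. It is an added example, not code from Microsoft or from the original post. It assumes the MicrosoftTeams and ExchangeOnlineManagement modules are installed and that the signed-in account can read both configurations; the function names are made up for this example.

```powershell
# Added example: read-only audit of the two URL-protection layers in this post.
# Assumptions: MicrosoftTeams and ExchangeOnlineManagement modules are installed,
# and the account can read Teams messaging settings and Safe Links policies.

function Test-TeamsLinkProtection {
    # Layer 1: tenant-wide Teams setting (the one the Set- command above changes).
    $cfg = Get-CsTeamsMessagingConfiguration -Identity Global
    [pscustomobject]@{
        Layer   = 'Teams Link Protection'
        Setting = 'UrlReputationCheck'
        Value   = $cfg.UrlReputationCheck
        Ok      = ($cfg.UrlReputationCheck -eq 'Enabled')
    }
}

function Test-SafeLinksForTeams {
    # Layer 2: Safe Links. EnableSafeLinksForTeams is the per-policy Teams switch.
    # A policy only protects the users it is assigned to, so review scope as well.
    $policies = @(Get-SafeLinksPolicy)
    if ($policies.Count -eq 0) {
        return [pscustomobject]@{
            Layer = 'Safe Links'; Setting = '(no policy found)'; Value = $null; Ok = $false
        }
    }
    foreach ($p in $policies) {
        [pscustomobject]@{
            Layer   = "Safe Links: $($p.Name)"
            Setting = 'EnableSafeLinksForTeams'
            Value   = $p.EnableSafeLinksForTeams
            Ok      = [bool]$p.EnableSafeLinksForTeams
        }
    }
}

Connect-MicrosoftTeams | Out-Null
Connect-ExchangeOnline -ShowBanner:$false

$report = @(Test-TeamsLinkProtection) + @(Test-SafeLinksForTeams)
$report | Format-Table -AutoSize

# A non-zero exit code lets a scheduled job or pipeline flag configuration drift.
if ($report | Where-Object { -not $_.Ok }) {
    Write-Warning 'At least one URL-protection layer is not enabled for Teams.'
    exit 1
}
```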

Final Takeaway

Think of Link Protection as an early warning system inside Teams, and Safe Links as the final safety gate at the moment of click. Neither replaces the other — together they create a layered defense that drastically reduces the chance of phishing success in Microsoft Teams.

Resources:

https://learn.microsoft.com/en-us/microsoftteams/malicious-url-protection-teams#how-link-protection-works-in-teams

https://learn.microsoft.com/en-us/defender-office-365/safe-links-about#safe-links-settings-for-microsoft-teams