MC1150984 – Microsoft Defender for Office 365: Message Warnings for Messages with Malicious URLs in Teams (archived)

Product:

Defender, Defender for Office 365, Defender XDR, Entra, Microsoft 365 admin center, Teams, Windows

Platform:

Android, iOS, Mac, Online, Web, Windows Desktop, World tenant

Status:

Launched

Change type:

New feature, User impact

Links:

MC1148539
502879

Details:

Summary:
Microsoft Defender for Office 365 will introduce message warnings in Microsoft Teams for messages containing URLs flagged as Spam, Phish, or Malware. Starting with a public preview in September 2025 and general availability in November 2025, warnings will appear for both recipients and senders, enabled by default and manageable via Teams Admin Center.

Details:
[Introduction]
To help users stay protected from malicious content, we're introducing message warnings in Microsoft Teams. This new feature displays a warning banner on messages containing URLs flagged as Spam, Phish, or Malware-whether the message is internal or external. These warnings enhance user awareness and complement existing security protections like Safe Links and ZAP.
This post is associated with Roadmap ID 502879.
This message center post was created in collaboration with Microsoft Teams and is related to the Teams post MC1148539.
Figure i. Recipient View: Users will find a warning banner on messages containing malicious URLs.

Figure ii. Sender View: Senders will also be notified if their message includes a flagged URL.

[When this will happen:]
Public Preview (Worldwide): Begins early September 2025 and completes by mid-September 2025.
General Availability (Worldwide): Begins early November 2025 and completes by mid-November 2025.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability, Preview, Standard Release

Created:
2025-09-11

updated:
2025-09-11

Public Preview Start Date

XXXXXXX ... free basic plan only

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only

Pictures

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

User Awareness and Security
Users may be exposed to malicious URLs without prior warning, leading to potential phishing attacks and data breaches.
   - roles: End Users, IT Support Staff
   - references: https://learn.microsoft.com/defender-office-365/mdo-support-teams-about, https://learn.microsoft.com/microsoftteams/malicious-url-protection-teams

Operational Disruption
Increased incidents of malware infections could lead to downtime and operational disruptions, affecting productivity.
   - roles: IT Operations, Business Continuity Managers
   - references: https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=502879" target="_blank" rel="nofollow noopener noreferrer">https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=502879, https://learn.microsoft.com/microsoftteams/malicious-url-protection-teams

Increased Support Requests
The introduction of message warnings without preparation may lead to confusion among users, resulting in a surge of support requests to IT.
   - roles: Helpdesk Staff, IT Support Staff
   - references: https://learn.microsoft.com/defender-office-365/mdo-support-teams-about, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=502879" target="_blank" rel="nofollow noopener noreferrer">https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=502879

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Enhanced User Training on URL Safety
With the introduction of message warnings for malicious URLs, there's an opportunity to enhance user training programs focused on recognizing phishing attempts and understanding the importance of URL safety. This training can be tailored to leverage the new warning feature, making users more aware of potential threats.
   - next-steps: Develop a training module that incorporates the new message warning feature, schedule training sessions, and provide ongoing resources for users to reference.
   - roles: IT Administrators, Security Officers, Training Coordinators
   - references: https://learn.microsoft.com/defender-office-365/mdo-support-teams-about, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=502879

Improved Incident Response Protocols
The new warning system can be integrated into incident response protocols, allowing IT teams to react more swiftly to potential threats flagged by the system. This can streamline processes for reporting and mitigating phishing attempts and other malicious activities.
   - next-steps: Review and update incident response protocols to include steps for handling warnings from Teams, conduct drills to test the effectiveness of the updated protocols, and ensure all relevant teams are trained.
   - roles: IT Security Teams, Incident Response Teams, Compliance Officers
   - references: https://learn.microsoft.com/microsoftteams/malicious-url-protection-teams, https://learn.microsoft.com/defender-office-365/mdo-support-teams-about " target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/defender-office-365/mdo-support-teams-about

Integration with Existing Security Tools
The message warnings feature can be integrated with existing security tools to enhance overall security posture. For example, integrating with SIEM systems can provide better visibility into potential threats and allow for automated responses.
   - next-steps: Evaluate current security tools for compatibility with the new feature, develop an integration plan, and implement the integration while monitoring for effectiveness.
   - roles: IT Security Analysts, Systems Administrators, Compliance Officers
   - references: https://learn.microsoft.com/defender-office-365/mdo-support-teams-about, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=502879

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

Microsoft is enhancing its security measures in Microsoft Teams by introducing a new feature that warns users about potentially harmful links. Imagine you're at a busy airport, and there are signs and announcements warning you about potential pickpockets. These warnings help you stay alert and protect your belongings. Similarly, Microsoft Teams will now display warning banners on messages that contain URLs flagged as spam, phishing, or malware. This is like having a security guard who checks links in your messages and alerts you if something seems suspicious.

Starting in September 2025, this feature will be available for public preview, and by November 2025, it will be generally available to all users. The warnings will appear for both the person sending the message and the person receiving it. It's like having a two-way mirror where both parties can see the alert and take necessary precautions.

For administrators, this feature will be enabled by default, but they can manage it through the Teams Admin Center. Think of it as having a master switch in your office that controls the security system, allowing you to turn it on or off as needed. If at least one person in your organization has this feature enabled, it will be active for everyone in that group.

The feature works alongside existing protections like Safe Links, which is like having a security camera that monitors links in real-time, and ZAP, which blocks harmful messages before they reach you. If a link is identified as malicious after a message is delivered, a warning will be added retroactively for up to 48 hours, similar to how a bank might notify you of suspicious activity on your account after a transaction has occurred.

For compliance, flagged URLs may be temporarily stored, and messages are re-evaluated for any changes in the URL's status. This is akin to a library keeping a record of books checked out and updating it if a book is reported lost or damaged.

Overall, this new feature aims to enhance user safety by providing timely alerts about potentially dangerous links, helping users make informed decisions before clicking on them.