check before: 2026-02-28
Product:
Defender, Defender for Office 365, Defender XDR, Teams
Platform:
Android, iOS, Mac, Online, US Instances, Web, Windows Desktop, World tenant
Status:
In development
Change type:
New feature, User impact, Admin impact
Summary:
Microsoft Defender for Office 365 URL click alerts will now include Microsoft Teams, enabling detection of malicious link clicks in Teams messages. This feature, rolling out from February to May 2026, enhances alert visibility and investigation in the Defender portal for licensed organizations, with no user workflow changes.
Details:
[Introduction]
We're extending Microsoft Defender for Office 365 (MDO) URL click alerting to Microsoft Teams, giving security teams greater visibility into potentially malicious activity beyond email. By surfacing alerts when users click malicious or suspicious links in Teams messages, organizations can detect threats earlier, investigate faster, and respond more effectively, all from the Microsoft Defender portal.
This message is associated with Microsoft Roadmap ID 557549.
[When this will happen:]
Public Preview (Worldwide): We will begin rolling out late February 2026 and expect to complete by early March 2026.
General Availability (Worldwide): We will begin rolling out early March 2026 and expect to complete by mid-March 2026.
General Availability (GCC, GCCH, DoD): We will begin rolling out early May 2026 and expect to complete by late May 2026.
Release Phase:
General Availability, Preview
Created:
2026-02-26
updated:
2026-02-26
summary for non-techies**
Microsoft is enhancing its security by including Microsoft Teams in Defender for Office 365 URL click alerts, allowing security teams to monitor potentially harmful links in Teams messages, with rollout scheduled between February and May 2026 for specific Microsoft licenses.
Direct effects for Operations**
Increased Alert Volume
The introduction of Teams URL click alerts may lead to a significant increase in the volume of alerts, potentially overwhelming security teams and leading to alert fatigue.
- roles: Security Admins, SOC Teams
- references: https://learn.microsoft.com/defender-xdr/alert-policies, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=557549
Investigation Complexity
With the addition of Teams data in alerts, investigations may become more complex, requiring security teams to correlate incidents across multiple platforms (email and Teams).
- roles: Security Admins, SOC Teams
- references: https://learn.microsoft.com/defender-xdr/alert-policies, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=557549
User Experience Impact
While user workflows remain unchanged, the potential for increased security alerts may indirectly affect user experience if security teams are less responsive due to alert overload.
- roles: End Users, Helpdesk Teams
- references: https://learn.microsoft.com/defender-xdr/alert-policies, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=557549
Training and Awareness Needs
The new alerting feature necessitates additional training for security and helpdesk teams to effectively respond to Teams-based alerts, which may not be immediately available.
- roles: Security Admins, Helpdesk Teams
- references: https://learn.microsoft.com/defender-xdr/alert-policies, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=557549
Compliance Monitoring Changes
The change may require updates to compliance monitoring processes as Teams message data will now be included in incident investigations, potentially affecting compliance reporting.
- roles: Compliance Officers, Security Admins
- references: https://learn.microsoft.com/defender-xdr/alert-policies, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=557549
** AI generated content. This information must be reviewed before use.