We’re proud to announce that Microsoft Teams users can now be protected from malicious link-based phishing attacks using the power of Safe Links in Microsoft Defender for Office 365.
As more and more users in different organizations across the globe settle into a new way of collaborating in response to the need to work remotely and in a hybrid fashion, it has become critical to increase the level of protection for those users as they interact with and look to be productive on these platforms.
Use of Microsoft Teams has exploded over the past 18 months. And with it, our focus and commitment to ensure that Microsoft Teams is the most secure real-time collaboration platform, has only grown. With today’s announcement, organizations with Microsoft Defender for Office 365 can further protect Microsoft Teams users from malicious phishing attacks that are often orchestrated using weaponized URLs.
Safe Links in Defender for Office 365 scans URLs at the time of click to ensure that users are protected with the latest intelligence from Microsoft Defender. We’re super excited to announce that this capability is now generally available.
Hybrid work is here to stay
Today’s global workforce is facing unprecedented times. As we learn from a recent sudden shift to remote work and look ahead towards the future of hybrid work, effective collaboration across multiple locations and multiple time zones is key to the success of businesses. Over the past 18 months we’ve seen use and adoption of collaboration tools skyrocket as customers roll out remote and hybrid work strategies and the tools necessary to support this new normal. In fact, since February 2020, we’ve seen weekly meeting time more than double for Microsoft Teams users, and that number continues to rise.
Figure 1: Findings from Microsoft's Work Trend Index
Integrated threat protection for all of Office 365
Microsoft Defender for Office 365 remains committed to protecting all of Office 365 against threats to email and collaboration tools. This means going beyond email to protect tools like OneDrive, SharePoint, Office apps, and of course Microsoft Teams. Defender for Office 365 provides comprehensive coverage against threats like phishing, malware, and business email compromise, giving administrators the tools necessary to not only prevent and detect these threats, but to investigate and remediate the risks they see as well.
Figure 2: Microsoft Defender for Office 365 provides comprehensive coverage throughout the lifecycle of an attack
Preventing URL-based attacks with Safe Links
Safe Links has been a critical feature in Defender for Office 365 since its introduction in 2015. At its core, Safe Links provides time-of-click verification of URLs. This process entails scanning URLs for potentially malicious content and again evaluating them when they are clicked on by a user. In fact, every month our detonation systems detect close to 2 million distinct URL-based payloads that attackers create to orchestrate credential phishing campaigns. Each month, our systems block over 100 million phishing emails that contain these malicious URLs.
Why scan URLs at time of click?
Attackers are smart just like the rest of us. As detection technologies evolve to block malicious sites quicker, sending malicious links to users becomes less effective. So attackers evolve their attacks. Instead of sending malicious links to users, attackers now send benign links. Once the link has been delivered, the attacker redirects the link to a malicious site.
Consider the following: An attacker drafts a phishing email impersonating Microsoft and requesting that you login to review changes to your account. The link included is from a redirection service that permits the owner to change the destination at any time. The attacker sends the email, having configured the link to point to Microsoft.com, but a few minutes later changes the link to point to a malicious site intended to capture your login information. At the time the email is received by your organization, the link appears to be harmless, and so the mail is delivered.
With time of click inspection, however, Safe Links would have checked the link on delivery, and ensured that whenever the link is clicked it is redirected and inspected. If the link is malicious, the user is prevented from accessing the site, and if the link is harmless, the user is allowed to continue.
Figure 3: Safe Links prevents users from accessing malicious sites
Protection beyond email
We’ve been hard at work over the past few years partnering across Microsoft to extend the protection of Safe Links beyond email and across Office 365. Safe Links is already available in Microsoft 365 apps (like Word and PowerPoint), Office apps on iOS and Android, and Office online. And today, we’re excited to announce that these capabilities have been expanded even further.
Safe Links is now available in Microsoft Teams
Today we’re excited to share that Safe Links for Microsoft Teams is now generally available. This means that our customers can take advantage of time of click protection for links in conversations, group chats, and channels in Microsoft Teams.
Securing collaboration tools is incredibly important given the evolving nature of work, and Safe Links is just one part of a growing list of security and compliance capabilities in Microsoft Teams including conditional access, Multi-Geo support, and more!
Get started today
Safe Links for Microsoft Teams is available to customers who are using both Microsoft Teams and Microsoft Defender for Office 365. To configure Safe Links to protect users in Microsoft Teams, configure a Safe Links policy in the Microsoft 365 Defender portal. To learn more about configuring Safe Links policies for email and other Office 365 tools like Microsoft Teams, visit our documentation.
Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum.