Announcing General Availability of Safe Links for Microsoft Teams!
Published Jul 27 2021 08:00 AM 37.7K Views
Microsoft

Preventing URL-based attacks with Safe Links

Part of Microsoft Defender for Office 365, Safe Links provides time-of-click verification of URLs by scanning URLs for potentially malicious content and again evaluating them once clicked on by an end user. Safe Links scanning can help protect your organization from malicious links that are used in phishing and other attacks.

 

Figure 1: Safe Links prevents users from accessing malicious sitesFigure 1: Safe Links prevents users from accessing malicious sites

 

Why scan URLs at time of click?

Attackers have become more sophisticated in their attacks and the ways in which they attempt to breach organizations. For instance, instead of sending malicious links directly to end users – something IT has started to educate their end users on to protect against – attackers now send benign links that once delivered redirect to a malicious site. Even though end users may be trained to identify and flag a malicious URL link based on visible properties, the redirect process makes scanning the URL at time of click a critical layer of protection to act on behalf of the end user.


How Safe Links works in Microsoft Teams

Once a Safe Links policy has been set up and enabled, Safe Links helps protect URLs shared in Teams conversations, group chats, or in team channels. If a link is found to be malicious, users will have the following experiences:

  • If the link was clicked in a Teams conversation, group chat, or from channels, a warning page as shown in the figure 1 screenshot above will appear in the default web browser.
  • If the link was clicked from a pinned tab, the warning page will appear in the Teams interface within that tab. The option to open the link in a web browser is disabled for security reasons.


An important note is that depending on how the Do not allow users to click through to original URL setting in the policy is configured, the end user experience will differ. We recommend that you enable the Do not allow users to click through to original URL setting so that end users cannot bypass and click through to the original URL unless deemed safe. Currently, Safe Attachments in Teams can detect file links sent through a Safe Attachment Policy. All the other types of links being sent through Microsoft Teams will go through a Safe Links Policy.


How to get started

Safe Links for Microsoft Teams is available to customers who are using both Microsoft Teams and Microsoft Defender for Office 365. To configure Safe Links to protect users in Microsoft Teams, configure a Safe Links policy in the Microsoft 365 Defender portal. For more information on Safe Links, please see our detailed blog and Safe Links documentation.


Enabling secure collaboration is important as hybrid work becomes the norm for many organizations, Safe Links being just one part of a growing list of security and compliance capabilities in Microsoft Teams including conditional access, Multi-Geo support, and more!

 

13 Comments

Great blog @John Gruszczyk hope your keeping well. Looking forward to teaming up at Ignite :D

 

I'll cover this in a blog soon. Do you have any spammy links which will trigger this for the blog? Best, Chris

Microsoft

@Christopher Hoard thanks Chris and likewise, hope you are well and looking forward to Ignite season! Don't know of any spam links for easy testing, you'd probably have to setup a policy in a test tenant and add a blacklisted URL

I'll look for some and then send the link to the post once it's done :D

Copper Contributor

This would be great, except that it isn't generally available. Would you please clarify what general availability actually means.

 

The missing link:

AlanBirch_0-1627504759839.png

 

Copper Contributor

Hi John, thanks for the great news. Just wondering if the same feature is also available for Outlook?

@HenryOh yes it is, see here: Safe Links - Office 365 | Microsoft Docs - Both Exchange (Outlook) and Teams are covered in Defender for Office 365 Plan 1 :D

Brass Contributor

Good new. Been waiting for this for a while. 

Iron Contributor

do we need Microsoft defender license for every user ?

Brass Contributor

Hi @Christopher Hoard @John Gruszczyk 

To help with URLs, I'm usually testing using this site phishtank[.]com it's full with a spam/phishing sites reported by community. 

Iron Contributor

Will this affect the URL "preview" in messages/posts?

Copper Contributor

I do not like this feature at all. It breaks all internal links like http://myserver.internaldomain.com/

Copper Contributor

Hello ,

 

thanks for the great info !!

 

Copper Contributor

Hey,

 

Does the Safe Links for Teams support any block lists at all, or will the function just match Microsofts central database of known threats?

I ask because I have tested this for a while with a Safe Links policy containing a small number of users, and apparently I am not able to get neither "tenant-wide block lists" nor the Block List under Safe links / Global settings to "match" a specific URL in Teams clients.

 

I though we managed to get it to work, but seems I was fooled by SmartSceen, which does filter those URLs

After activating Safe Links we do see the "Verifying link..." splash screen before a redirect happens, but whatever I do, clients are just passed on to unwanted URLs we specifically have added to both block lists mentioned above.

I waited 5 days since the changes were made, as I noticed it took way more than 24 hours for Safe Links to activate in our Teams clients. 

I test this by using iOS and Android clients (since SmartSceen is really not working very well on these platforms anyway), but it is my understanding that Safe Links should work across all client platforms?

It would also bee good to have some way to verify that Safe Links is actually doing anything at all for us - are there any test URLs that can specifically be used to test Safe Links?

Version history
Last update:
‎Jul 27 2021 07:48 AM
Updated by: