Security around URL Preview (in MS Teams)

%3CLINGO-SUB%20id%3D%22lingo-sub-1873214%22%20slang%3D%22en-US%22%3ESecurity%20around%20URL%20Preview%20(in%20MS%20Teams)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1873214%22%20slang%3D%22en-US%22%3E%3CP%3EOur%20tenant%2Fusers%20are%20licensed%20for%20E3%20in%20M365.%26nbsp%3B%20A%20question%20was%20recently%20raised%20by%20our%20security%20team%20around%20security%20controls%20(in%20Teams)%20for%20URL%20Preview.%26nbsp%3B%20Understanding%20that%20Safe%20Links%20is%20something%20available%20to%20E5%20customers%2C%20if%20an%20E3%20customer%20had%20URL%20preview%20enabled%20and%20someone%20dropped%20a%20malicious%20URL%20in%20a%20team%20chat%20(causing%20URL%20preview%20to%20potential%20launch%20malicious%20code)%2C%20is%20there%20something%20in%20the%20infrastructure%20that%20would%20inhibit%20the%20propagation%20of%20that%20malicious%20code%20or%20are%20the%20only%20controls%20available%20what%20would%20be%20on%20the%20endpoint%3F%26nbsp%3B%20I%20thought%20that%20there%20might%20be%20something%20in%20place%20from%20an%20infrastructure%2FAzure%20perspective.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1873214%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1875684%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20around%20URL%20Preview%20(in%20MS%20Teams)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1875684%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F757304%22%20target%3D%22_blank%22%3E%40wheels815%3C%2FA%3E%26nbsp%3BHello%2C%26nbsp%3BMicrosoft%20Defender%20for%20Office%20365%20is%20the%20new%20name%20for%20Office%20365%20Advanced%20Threat%20Protection%20so%20have%20that%20in%20mind%20when%20looking%20at%20the%20docs%20(but%20maybe%20you%20know%20this).%20As%20for%20the%20licensing%20part%20it's%20difficult%20to%20understand%20sometimes%20especially%20as%20they%20keep%20on%20renaming%20the%20products.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EA%20lot%20of%20links%20but%20need%20to%20refer%20to%20the%20info%20as%20well.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20far%20as%20I%20can%20tell%20from%20the%20service%20description%20ATP%20plan%201%20is%20included%20in%20M365%20Business%20Premium%20and%20that%20includes%20Safe%20Links%20and%20Safe%20Links%20in%20Teams.%20But%20as%20you%20are%20an%20M365%20E3%20you%20will%20need%20to%20purchase%20an%20upgrade%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fservicedescriptions%2Foffice-365-advanced-threat-protection-service-description%23feature-availability-across-advanced-threat-protection-atp-plans%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fservicedescriptions%2Foffice-365-advanced-threat-protection-service-description%23feature-availability-across-advanced-threat-protection-atp-plans%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere's%20a%20doc%20with%20updated%20product%20name%2C%20just%20found%20it%20actually%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Foffice-365-atp%3Fview%3Do365-worldwide%23microsoft-defender-for-office-365-plan-1-and-plan-2%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Foffice-365-atp%3Fview%3Do365-worldwide%23microsoft-defender-for-office-365-plan-1-and-plan-2%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENote%20that%20the%20%22Safe%20Links%20in%20Teams%20(Preview)%22%20is%20only%20available%20for%20the%20TAP%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fatp-safe-links%3Fview%3Do365-worldwide%23safe-links-settings-for-microsoft-teams%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fatp-safe-links%3Fview%3Do365-worldwide%23safe-links-settings-for-microsoft-teams%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFinally%2C%20to%20answer%20your%20question%20hopefully.%20The%20following%20features%20would%20assist%20besides%20the%20endpoint%20protection.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20default%20security%20using%20EOP%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fanti-spam-and-anti-malware-protection%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fanti-spam-and-anti-malware-protection%3Fview%3Do365-worldwide%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20%22Built-in%20virus%20protection%20in%20SharePoint%20Online%2C%20OneDrive%2C%20and%20Microsoft%20Teams%22%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fvirus-detection-in-spo%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fvirus-detection-in-spo%3Fview%3Do365-worldwide%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20the%20%22ATP%20for%20SharePoint%2C%20OneDrive%2C%20and%20Microsoft%20Teams%22%20(Microsoft%20Defender)%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fatp-for-spo-odb-and-teams%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fatp-for-spo-odb-and-teams%3Fview%3Do365-worldwide%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Senior Member

Our tenant/users are licensed for E3 in M365.  A question was recently raised by our security team around security controls (in Teams) for URL Preview.  Understanding that Safe Links is something available to E5 customers, if an E3 customer had URL preview enabled and someone dropped a malicious URL in a team chat (causing URL preview to potential launch malicious code), is there something in the infrastructure that would inhibit the propagation of that malicious code or are the only controls available what would be on the endpoint?  I thought that there might be something in place from an infrastructure/Azure perspective.

1 Reply
Highlighted

@wheels815 Hello, Microsoft Defender for Office 365 is the new name for Office 365 Advanced Threat Protection so have that in mind when looking at the docs (but maybe you know this). As for the licensing part it's difficult to understand sometimes especially as they keep on renaming the products.

 

A lot of links but need to refer to the info as well.

 

As far as I can tell from the service description ATP plan 1 is included in M365 Business Premium and that includes Safe Links and Safe Links in Teams. But as you are an M365 E3 you will need to purchase an upgrade https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection... 

 

Here's a doc with updated product name, just found it actually https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-atp?view=o365... 

 

Note that the "Safe Links in Teams (Preview)" is only available for the TAP https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/atp-safe-links?view=o365... 

 

Finally, to answer your question hopefully. The following features would assist besides the endpoint protection.

 

The default security using EOP (*edit updated link) https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/eop-features?view=o365-w... 

 

The "Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams"

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/virus-detection-in-spo?v... 

 

And the "ATP for SharePoint, OneDrive, and Microsoft Teams" (Microsoft Defender)

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/atp-for-spo-odb-and-team...