Microsoft is adding another layer of defense to Teams by introducing built-in malicious link warnings for private chats, aimed at reducing phishing, malware delivery, and social engineering attacks targeting enterprise users.
Microsoft Expands Teams Security With Real-Time Threat Alerts
The new security feature will automatically detect and flag links that have been classified as spam, phishing, or malware before they can be clicked. Users will see a visible banner warning on messages containing risky URLs, whether they come from internal colleagues or external contacts.
Microsoft explained the move in a message center alert:
“To help users stay protected from malicious content, we’re introducing message warnings in Microsoft Teams. This new feature displays a warning banner on messages containing URLs flagged as Spam, Phish, or Malware—whether the message is internal or external. These warnings enhance user awareness and complement existing security protections like Safe Links and ZAP.”
The feature will be available to all Microsoft Defender for Office 365 (MDO) and Teams enterprise customers.
Deployment Timeline and Administrative Controls
Microsoft will roll out the malicious link warnings in public preview starting September 2025 for Teams desktop, web, iOS, and Android users. The feature is expected to become generally available in November 2025.
During the preview, administrators can manually enable the feature through Teams Admin Center > Messaging Settings. Once general availability is reached, Microsoft will enable the feature by default across all tenants.
Management options will be accessible via both the Teams Admin Center and PowerShell with the Teams module. Microsoft also confirmed that when at least one tenant has the feature enabled, warnings will remain active across the entire tenant environment.
Complementary Security Enhancements in Teams
This update comes as part of Microsoft’s broader initiative to harden Teams against abuse. The company recently announced that it is adding:
- Expanded protections for malicious URLs and dangerous file types in chats and channels.
- The ability for security administrators to block communications from specific domains.
- The option to remove chat messages from users associated with blocked domains through the Microsoft Defender portal.
These controls aim to help enterprises reduce insider risk and prevent external attackers from using Teams as a foothold into corporate networks.
Growing Importance as Teams Adoption Surges
Microsoft reported at last year’s Enterprise Connect conference that Teams had surpassed 320 million monthly active users across 181 markets. This rapid growth has made Teams an increasingly attractive target for threat actors, underscoring the importance of new defenses like real-time malicious link warnings.
