Preventing URL-based attacks with Safe Links
Part of Microsoft Defender for Office 365, Safe Links provides time-of-click verification of URLs by scanning URLs for potentially malicious content and again evaluating them once clicked on by an end user. Safe Links scanning can help protect your organization from malicious links that are used in phishing and other attacks.
Why scan URLs at time of click?
Attackers have become more sophisticated in their attacks and the ways in which they attempt to breach organizations. For instance, instead of sending malicious links directly to end users – something IT has started to educate their end users on to protect against – attackers now send benign links that once delivered redirect to a malicious site. Even though end users may be trained to identify and flag a malicious URL link based on visible properties, the redirect process makes scanning the URL at time of click a critical layer of protection to act on behalf of the end user.
How Safe Links works in Microsoft Teams
Once a Safe Links policy has been set up and enabled, Safe Links helps protect URLs shared in Teams conversations, group chats, or in team channels. If a link is found to be malicious, users will have the following experiences:
- If the link was clicked in a Teams conversation, group chat, or from channels, a warning page as shown in the figure 1 screenshot above will appear in the default web browser.
- If the link was clicked from a pinned tab, the warning page will appear in the Teams interface within that tab. The option to open the link in a web browser is disabled for security reasons.
An important note is that depending on how the Do not allow users to click through to original URL setting in the policy is configured, the end user experience will differ. We recommend that you enable the Do not allow users to click through to original URL setting so that end users cannot bypass and click through to the original URL unless deemed safe. Currently, Safe Attachments in Teams can detect file links sent through a Safe Attachment Policy. All the other types of links being sent through Microsoft Teams will go through a Safe Links Policy.
How to get started
Safe Links for Microsoft Teams is available to customers who are using both Microsoft Teams and Microsoft Defender for Office 365. To configure Safe Links to protect users in Microsoft Teams, configure a Safe Links policy in the Microsoft 365 Defender portal. For more information on Safe Links, please see our detailed blog and Safe Links documentation.
Enabling secure collaboration is important as hybrid work becomes the norm for many organizations, Safe Links being just one part of a growing list of security and compliance capabilities in Microsoft Teams including conditional access, Multi-Geo support, and more!