Microsoft Teams now has access to the phishing protection provided by Microsoft Defender for Office 365’s Safe Links feature.
Girish Chander, Microsoft’s Group Program Manager of Office 365 Security, explained “At its core, Safe Links provides time-of-click verification of URLs. This process entails scanning URLs for potentially malicious content and again evaluating them when they are clicked on by a user,”
The number of users of enterprise collaboration solutions like Zoom and Microsoft Teams has exploded since the start of the COVID-19 pandemic, propelled by the significant shift to remote work and organisations’ need to keep in (video) touch with their employees.
Microsoft Teams hit 44 million daily users in March 2020. Phishers have taken notice of this large pool of prospective targets, which topped 75 million in April 2020.
Microsoft claimed about 145 million daily active Teams users in April 2021. That’s a sizable user base that needs to be protected, and Microsoft is up to the task.
Safe Links in Microsoft Teams
According to Microsoft’s announcement on Monday. the Safe Links feature will now be accessible for Microsoft Teams if the customers also use Microsoft Defender for Office 365.
Since its launch in 2015, Defender for Office 365 has included a feature called Safe Links, Chander said, and Microsoft’s detonation systems “detect close to 2 million distinct URL-based payloads that attackers create to orchestrate credential phishing campaigns”.
He further added that scanning URLs at the moment of click is due to the fact that attackers’ tactics have evolved, and they are now sending benign links through a redirection service that can be modified to refer to a malicious site.
“At the time the email is received by your organization, the link appears to be harmless, and so the mail is delivered. With time of click inspection, however, Safe Links would have checked the link on delivery, and ensured that whenever the link is clicked it is redirected and inspected. If the link is malicious, the user is prevented from accessing the site, and if the link is harmless, the user is allowed to continue.”
These URLs can also be sent through conversations, group chats, and channels in Microsoft Teams, as well as included in documents shared through them.
Enterprise admins must configure a Safe Links policy in the Microsoft 365 Defender portal to use Safe Links.