Safe Links

Safe Links now in Microsoft Teams

Microsoft announced that Safe Links is now Generally Available in Microsoft Teams. This is the same idea as Safe Links for email, and if you already have that on, enabling it for Teams is easy.

I won’t rehash all the details Microsoft have above, but Safe Links gives a time-of-click assessment of a URL to check whether Microsoft deems it safe. This can be better than an assessment at the time the URL is delivered, as new threats emerge or the end result of the URL changes.

To enable Safe Links for Teams, go to the Safe Links Policies & rules section of Microsoft 365 Defender: https://security.microsoft.com/safelinksv2

From here, you probably just have one policy but could have more – edit the policy to affect the users you want, and in the “Protection settings” area, there will be an “Edit protection settings” link.

Once editing, just set the radio button to ‘on’ against ‘Select the action for unknown or potentially malicious URLs within Microsoft Teams’. Microsoft haven’t updated the warning around being in preview despite the GA announcement.

Once done, and after waiting for a timeframe I’m not sure of, Teams will start using Safe Links. URLs being used in Teams look the same as before, and even if you hover over them, they show the actual end result link:

But when clicked, you’ll see this jump page while Microsoft Defender for Office 365 verifies the link:

Regardless of the link being clicked, the URL for me always displayed this:

https://statics.teams.cdn.office.net/evergreen-assets/safelinks/1/atp-safelinks.html

It verified the link very quickly in my testing, less than a second each time. At this stage I can’t see any way to configure this page, or disable the option to Skip verification to enforce security, but we’ll see what happens.

Organization Branding for Safe Link Warnings

Two new little features have turned up for Safe Links as part of the Microsoft 365 Security & Compliance suite.

  • Display the organization branding on notification and warning pages

The first option is to show your organization’s branding on warning pages. This should help users identify that it’s a legitimate warning they’re seeing, as default Microsoft warning pages are often used by malicious actors to look legitimate themselves.

  • Use custom notification text

This lets you put a message that sounds like it’s actually from your own company when a webpage gets blocked. This means you can put in contact details or a process you want users to follow when they hit a site – which could be sending an email or calling helpdesk.

Here’s how the custom text and logo look on a blocked page:

The custom branding will appear above this warning as a banner and a small logo for your company.

If you haven’t set up branding already, have a read on Microsoft Docs on how to do it for Azure AD and Microsoft 365 (do both!).
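The portal settings covered in both posts above (Safe Links for Teams, organization branding and custom notification text) can also be audited and set from Exchange Online PowerShell. The script below is an added example, not part of the original posts. It assumes the ExchangeOnlineManagement module is installed and the account can manage Safe Links policies; the policy name and notification text are placeholders.

```powershell
# Added example: audit Safe Links policies for the settings discussed above,
# then (only with -Apply) enable them on one named policy.
# $PolicyName and $NotificationText are placeholders, not values from the posts.
param(
    [string]$PolicyName       = '<your Safe Links policy name>',
    [string]$NotificationText = 'This link was blocked. Contact the helpdesk: <contact details>.',
    [switch]$Apply            # without -Apply the script only reports
)

Connect-ExchangeOnline -ShowBanner:$false

# Report the Teams, branding and custom-text state of every Safe Links policy.
$report = Get-SafeLinksPolicy | ForEach-Object {
    [pscustomobject]@{
        Policy        = $_.Name
        TeamsEnabled  = [bool]$_.EnableSafeLinksForTeams
        Branding      = [bool]$_.EnableOrganizationBranding
        HasCustomText = -not [string]::IsNullOrWhiteSpace($_.CustomNotificationText)
    }
}
$report | Format-Table -AutoSize | Out-Host

# Flag policies that still leave links shared in Teams unchecked.
$gaps = @($report | Where-Object { -not $_.TeamsEnabled })
if ($gaps.Count -gt 0) {
    Write-Warning ('Safe Links for Teams is off in: ' + ($gaps.Policy -join ', '))
}

if ($Apply) {
    # Fail early if the named policy does not exist.
    $policy = Get-SafeLinksPolicy -Identity $PolicyName -ErrorAction Stop

    Set-SafeLinksPolicy -Identity $policy.Identity `
        -EnableSafeLinksForTeams $true `
        -EnableOrganizationBranding $true `
        -CustomNotificationText $NotificationText

    # Read the policy back to confirm the change was stored.
    Get-SafeLinksPolicy -Identity $policy.Identity |
        Format-List Name, EnableSafeLinksForTeams, EnableOrganizationBranding, CustomNotificationText |
        Out-Host
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it once without `-Apply` to see which policies have gaps before changing anything.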