Microsoft Defender Enhances Security Visibility with URL Click Alerts for Teams

Microsoft Defender Enhances Security Visibility with URL Click Alerts for Teams
Microsoft Defender Enhances Security Visibility with URL Click Alerts for Teams
Microsoft is boosting threat detection by extending Microsoft Defender for Office 365 (MDO) URL click alerts into Microsoft Teams.

This update lets security teams spot, probe, and block risky link clicks in Teams messages. It moves beyond email threats to catch dangers earlier and stop attackers from spreading sideways in networks.

Key Feature Enhancements

Two MDO alerts now fire for Teams: “A user clicked through to a potentially malicious URL” and “A potentially malicious URL click was detected.”

These pop up on the Microsoft Defender alerts page with the full Teams message as evidence. Analysts skip platform-hopping for faster checks.

Teams signals join incident correlation too, linking threats across tools automatically. Researcher Steven Lim notes no user changes needed, but SOC efficiency jumps. Automated Investigation and Response (AIR) skips these alerts for now.

Category Description and Eligibility Requirements
Eligible Licenses Microsoft Defender for Office 365 Plan 2 or Microsoft 365 E5
Security Teams Admins and SOC analysts in Microsoft Defender portal
End Users Anyone sending/receiving Teams messages with URLs
System Status Enabled by default; no activation needed
Release Phase Rollout Start Date Expected Completion Date
Public Preview (Worldwide) Late February 2026 Early March 2026
General Availability (Worldwide) Early March 2026 Mid-March 2026
General Availability (GCC, GCCH, DoD) Early May 2026 Late May 2026

Feature rolls out by tenant type. Update playbooks now for Teams signals.

Hunt Teams URL clicks in Microsoft Defender XDR’s Advanced Hunting:

texttextAlertEvidence
| where Timestamp > ago(1h)
| where ServiceSource == @"Microsoft Defender for Office 365"
| where EntityType == @"Url"
| where Title has "Teams"

Pipe to email or Teams channels for alerts.

Action Items for Security Teams

  • Update SOC docs for Teams message analysis.
  • Train analysts on new alerts.
  • Add KQL to rules for auto-notifications.

This closes a Teams blind spot, sharpening visibility against phishing and malware.

Follow us on Google NewsLinkedIn and X to Get More Instant UpdatesSet Cyberpress as a Preferred Source in Google

The post Microsoft Defender Enhances Security Visibility with URL Click Alerts for Teams appeared first on Cyber Security News.


Discover more from RSS Feeds Cloud

Subscribe to get the latest posts sent to your email.

Leave a Reply

Your email address will not be published. Required fields are marked *

Discover more from RSS Feeds Cloud

Subscribe now to keep reading and get access to the full archive.

Continue reading