
This update lets security teams spot, probe, and block risky link clicks in Teams messages. It moves beyond email threats to catch dangers earlier and stop attackers from spreading sideways in networks.
Key Feature Enhancements
Two MDO alerts now fire for Teams: “A user clicked through to a potentially malicious URL” and “A potentially malicious URL click was detected.”
These pop up on the Microsoft Defender alerts page with the full Teams message as evidence. Analysts skip platform-hopping for faster checks.
Teams signals join incident correlation too, linking threats across tools automatically. Researcher Steven Lim notes no user changes needed, but SOC efficiency jumps. Automated Investigation and Response (AIR) skips these alerts for now.
| Category | Description and Eligibility Requirements |
|---|---|
| Eligible Licenses | Microsoft Defender for Office 365 Plan 2 or Microsoft 365 E5 |
| Security Teams | Admins and SOC analysts in Microsoft Defender portal |
| End Users | Anyone sending/receiving Teams messages with URLs |
| System Status | Enabled by default; no activation needed |

| Release Phase | Rollout Start Date | Expected Completion Date |
|---|---|---|
| Public Preview (Worldwide) | Late February 2026 | Early March 2026 |
| General Availability (Worldwide) | Early March 2026 | Mid-March 2026 |
| General Availability (GCC, GCCH, DoD) | Early May 2026 | Late May 2026 |
Feature rolls out by tenant type. Update playbooks now for Teams signals.
Hunt Teams URL clicks in Microsoft Defender XDR’s Advanced Hunting:
```kusto
// URL evidence from Defender for Office 365 alerts whose title mentions Teams, last hour
AlertEvidence
| where Timestamp > ago(1h)
| where ServiceSource == @"Microsoft Defender for Office 365"
| where EntityType == @"Url"
| where Title has "Teams"
```
Pipe to email or Teams channels for alerts.
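For triage, the same filter can be rolled up to one row per alert. The query below is an added example, not from the original post or from Microsoft. It assumes these alerts carry both `Url` and `User` evidence rows with `RemoteUrl` and `AccountUpn` populated, and the one-day lookback is an arbitrary choice.

```kusto
// Added example: one row per Teams URL-click alert, listing the URLs and
// the users recorded in that alert's evidence.
// Assumption: the alert has "Url" and "User" evidence rows; adjust the
// EntityType values if your tenant records the clicker differently.
let lookback = 1d;
AlertEvidence
| where Timestamp > ago(lookback)
| where ServiceSource == "Microsoft Defender for Office 365"
| where Title has "Teams"
| where EntityType in ("Url", "User")
| summarize
    FirstSeen = min(Timestamp),
    Urls  = make_set_if(RemoteUrl, EntityType == "Url" and isnotempty(RemoteUrl)),
    Users = make_set_if(AccountUpn, EntityType == "User" and isnotempty(AccountUpn))
    by AlertId, Title
// Counts make it easy to sort or threshold in a notification rule.
| extend UrlCount = array_length(Urls), UserCount = array_length(Users)
| order by FirstSeen desc
```

An alert row with an empty `Users` set means the user-evidence assumption does not hold for that alert, so check its evidence rows directly before relying on the rollup.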
Action Items for Security Teams
- Update SOC docs for Teams message analysis.
- Train analysts on new alerts.
- Add KQL to rules for auto-notifications.
This closes a Teams blind spot, sharpening visibility against phishing and malware.
The post Microsoft Defender Enhances Security Visibility with URL Click Alerts for Teams appeared first on Cyber Security News.
