Categories: Cyber Security News

Microsoft Defender Enhances Security Visibility with URL Click Alerts for Teams

Microsoft is boosting threat detection by extending Microsoft Defender for Office 365 (MDO) URL click alerts into Microsoft Teams.

This update lets security teams spot, probe, and block risky link clicks in Teams messages. It moves beyond email threats to catch dangers earlier and stop attackers from spreading sideways in networks.

Key Feature Enhancements

Two MDO alerts now fire for Teams: “A user clicked through to a potentially malicious URL” and “A potentially malicious URL click was detected.”

These pop up on the Microsoft Defender alerts page with the full Teams message as evidence. Analysts skip platform-hopping for faster checks.

Teams signals join incident correlation too, linking threats across tools automatically. Researcher Steven Lim notes no user changes needed, but SOC efficiency jumps. Automated Investigation and Response (AIR) skips these alerts for now.

Category Description and Eligibility Requirements
Eligible Licenses Microsoft Defender for Office 365 Plan 2 or Microsoft 365 E5
Security Teams Admins and SOC analysts in Microsoft Defender portal
End Users Anyone sending/receiving Teams messages with URLs
System Status Enabled by default; no activation needed
Release Phase Rollout Start Date Expected Completion Date
Public Preview (Worldwide) Late February 2026 Early March 2026
General Availability (Worldwide) Early March 2026 Mid-March 2026
General Availability (GCC, GCCH, DoD) Early May 2026 Late May 2026

Feature rolls out by tenant type. Update playbooks now for Teams signals.

Hunt Teams URL clicks in Microsoft Defender XDR’s Advanced Hunting:

Sponsored
texttextAlertEvidence
| where Timestamp > ago(1h)
| where ServiceSource == @"Microsoft Defender for Office 365"
| where EntityType == @"Url"
| where Title has "Teams"

Pipe to email or Teams channels for alerts.

Action Items for Security Teams

  • Update SOC docs for Teams message analysis.
  • Train analysts on new alerts.
  • Add KQL to rules for auto-notifications.

This closes a Teams blind spot, sharpening visibility against phishing and malware.

Follow us on Google NewsLinkedIn and X to Get More Instant UpdatesSet Cyberpress as a Preferred Source in Google

The post Microsoft Defender Enhances Security Visibility with URL Click Alerts for Teams appeared first on Cyber Security News.

rssfeeds-admin

Leave a Comment
Share
Published by
rssfeeds-admin
8 hours ago

Recent Posts

World of Warcraft: Midnight Review So Far

At the very outset of World of Warcraft’s Midnight expansion, we are summoned by an…

39 minutes ago

World of Warcraft: Midnight Review So Far

At the very outset of World of Warcraft’s Midnight expansion, we are summoned by an…

39 minutes ago

Legion RTX 5070 Ti Gaming PCs Start at Just $1,805 During Lenovo’s Weekend Sale

Nowadays it's quite difficult to find an RTX 5070 Ti prebuilt for under $2,000, and…

39 minutes ago

The Trump phone sure looks a lot like this HTC handset

The HTC U24 Pro may not be gold, but its design is otherwise awfully similar…

1 hour ago

CISA is getting a new acting director after less than a year

The US Cybersecurity and Infrastructure Security Agency (CISA), which is part of the Department of…

1 hour ago

AI deepfakes are a train wreck and Samsung’s selling tickets

On Thursday morning, I attended a Q&A panel with four top Samsung smartphone executives. Until…

1 hour ago

This website uses cookies.