MC1148539 - Microsoft Teams: Malicious URL Protection for Teams Chat and Channels
Service
Last Updated
Published Sep 5, 2025
Tag
Platforms
Summary
Microsoft Teams will complete rollout of Malicious URL Protection by November 2025, warning users about harmful links in chats and channels. The feature will be off by default during Targeted Release and on by default at General Availability. Admins can enable or configure it via Teams Admin Center or PowerShell.
More information
Updated November 17, 2025: The rollout of Malicious URL Protection in Microsoft Teams is expected to finish before the end of November 2025 for General Availability (Worldwide). The previously announced update to make Malicious URL protection setting in Messaging settings ON by default has been postponed to early 2026. A separate communication will be issued detailing the roll out schedule for the default-on change in advance.
Thank you for your patience.
Introduction
Microsoft Teams is introducing enhanced protection against phishing attacks by detecting and warning users about malicious URLs shared in Teams chats and channels. This feature helps users make safer decisions before clicking potentially harmful links. This message applies to Teams for Windows desktop, Teams for Mac desktop, Teams for the web, and Teams for iOS/Android.
This message is associated with Roadmap ID 499893.
When this will happen
- Targeted Release (Worldwide): Rollout begins early September 2025 and is expected to complete by mid-September 2025.
- General Availability (Worldwide): Rollout begins early November 2025 and is expected to complete by end of November 2025 (previously mid-November).
How this affects your organization
When a malicious link is detected, Teams will automatically display a warning to both the sender and recipient. This helps reduce the risk of phishing attacks.
- Targeted Release: Link protection is applied only when all participants in the conversation have the feature enabled.
- General Availability: Link protection is enforced if at least one participant in the conversation has the feature enabled.
Targeted release vs. General Availability behavior:
- Targeted release: Link protection is applied only when all organizations in the conversation have the feature enabled. This feature is off by default and requires admin activation.
- General Availability: Link protection is applied if at least one participant has the feature enabled. This feature is on by default. Admin settings saved during Targeted Release will remain unchanged.
What you can do to prepare
During Public Preview, administrators must manually enable the feature:
- Go to the Teams Admin Center
- Navigate to Messaging Settings
- Enable the setting: Scan messages for unsafe URLs
This setting is also available via Set-CsTeamsMessagingConfiguration PowerShell cmdlet -UrlReputationCheck parameter.
No action is required once the feature reaches General Availability, as it will be turned on by default.
Learn more: Malicious URL Protection in Microsoft Teams
Compliance considerations
| Compliance Area | Explanation |
|---|---|
| Does the change introduce or significantly modify AI/ML or agent capabilities that interact with or provide access to customer data? | URL scanning uses reputation-based detection algorithms to identify malicious links. This involves scanning user messages and performing reputation lookups against Microsoft Defender for Office's managed collection. |
| Does the change include an admin control that can be scoped using Entra ID group membership? | Admins can enable or disable the feature via Teams Admin Center or PowerShell. However, scoping via Entra ID group membership is not supported. |
Reminder: