MC1150984 - Microsoft Defender for Office 365: Message Warnings for Messages with Malicious URLs in Teams

Message ID

MC1150984

View in Message Center

Service

Microsoft Defender XDR

Published

Sep 10, 2025

Tag

New feature

User impact

Roadmap ID

502879

View in M365 Roadmap

Platforms

Android

Desktop

iOS

Web

Summary

Microsoft Defender for Office 365 will introduce message warnings in Microsoft Teams for messages containing URLs flagged as Spam, Phish, or Malware. Starting with a public preview in September 2025 and general availability in November 2025, warnings will appear for both recipients and senders, enabled by default and manageable via Teams Admin Center.

More information

Introduction

To help users stay protected from malicious content, we’re introducing message warnings in Microsoft Teams. This new feature displays a warning banner on messages containing URLs flagged as Spam, Phish, or Malware—whether the message is internal or external. These warnings enhance user awareness and complement existing security protections like Safe Links and ZAP.

This post is associated with Roadmap ID 502879.

This message center post was created in collaboration with Microsoft Teams and is related to the Teams post MC1148539.

Figure i. Recipient View: Users will find a warning banner on messages containing malicious URLs.

user settings

Figure ii. Sender View: Senders will also be notified if their message includes a flagged URL.

user settings

When this will happen:

Public Preview (Worldwide): Begins early September 2025 and completes by mid-September 2025.
General Availability (Worldwide): Begins early November 2025 and completes by mid-November 2025.

How this affects your organization:

Who is affected: All Microsoft Defender for Office 365 (MDO) customers and Microsoft Teams enterprise customers.
What will happen:
- Message warnings will appear in two scenarios:
  - Known Malicious URLs: If a URL is already identified as malicious, the message will be delivered with a warning.
  - Post-Delivery URLs: If a URL becomes malicious after delivery, a warning will be added retroactively for up to 48 hours.
- Recipient View: Users will see a warning banner on messages containing malicious URLs.
- Sender View: Senders will also be notified if their message includes a flagged URL.
- The feature will be enabled by default at General Availability.
- Admins can manage the feature via Teams Admin Center > Messaging settings.
- If at least one tenant has the feature enabled, message warnings will be active across the tenant.
- Message warnings work alongside existing protections:
  - Safe Links: Continues to provide time-of-click protection in Teams.
  - ZAP message blocking: If ZAP is enabled, ZAP blocks take precedence over message warnings.

What you can do to prepare:

Review and configure settings in Teams Admin Center > Messaging settings.
Communicate this change to helpdesk and support teams.
Update internal documentation to reflect new message warning behavior.
For Public Preview, opt-in via the toggle in Teams Admin Center > Messaging settings.
Learn more:
- Malicious URL Protection in Microsoft Teams
- Microsoft Defender for Office 365 support for Microsoft Teams

Compliance considerations:

Compliance Area	Explanation
New data storage	URLs flagged as malicious may be stored temporarily.
Data processing changes	Messages are re-evaluated post-delivery for URL verdict changes, altering how message content is processed.
AI/ML capabilities	URL verdicts are determined using Microsoft Defender’s threat intelligence and ML-based detection.
Admin control	Admins can enable/disable the feature via Teams Admin Center.
Entra ID group control	Feature settings can be scoped using Entra ID group membership.