MC1150984: Microsoft Defender for Office 365: Message Warnings for Messages with Malicious URLs in Teams
Microsoft Defender for Office 365 will introduce message warnings in Microsoft Teams for messages containing URLs flagged as Spam, Phish, or Malware. Starting with a public preview in September 2025 and general availability in November 2025, warnings will appear for both recipients and senders, e...
[Introduction]
To help users stay protected from malicious content, we’re introducing message warnings in Microsoft Teams. This new feature displays a warning banner on messages containing URLs flagged as Spam, Phish, or Malware—whether the message is internal or external. These warnings enhance user awareness and complement existing security protections like Safe Links and ZAP.
This post is associated with Roadmap ID 502879.
This message center post was created in collaboration with Microsoft Teams and is related to the Teams post MC1148539.
Figure i. Recipient View: Users will find a warning banner on messages containing malicious URLs.
Figure ii. Sender View: Senders will also be notified if their message includes a flagged URL.
[When this will happen:]
- Public Preview (Worldwide): Begins early September 2025 and completes by mid-September 2025.
- General Availability (Worldwide): Begins early November 2025 and completes by mid-November 2025.
[How this affects your organization:]
- Who is affected: All Microsoft Defender for Office 365 (MDO) customers and Microsoft Teams enterprise customers.
- What will happen:
- Message warnings will appear in two scenarios:
- Known Malicious URLs: If a URL is already identified as malicious, the message will be delivered with a warning.
- Post-Delivery URLs: If a URL becomes malicious after delivery, a warning will be added retroactively for up to 48 hours.
- Recipient View: Users will see a warning banner on messages containing malicious URLs.
- Sender View: Senders will also be notified if their message includes a flagged URL.
- The feature will be enabled by default at General Availability.
- Admins can manage the feature via Teams Admin Center > Messaging settings.
- If at least one tenant has the feature enabled, message warnings will be active across the tenant.
- Message warnings work alongside existing protections:
- Safe Links: Continues to provide time-of-click protection in Teams.
- ZAP message blocking: If ZAP is enabled, ZAP blocks take precedence over message warnings.
- Message warnings will appear in two scenarios:
[What you can do to prepare:]
- Review and configure settings in Teams Admin Center > Messaging settings.
- Communicate this change to helpdesk and support teams.
- Update internal documentation to reflect new message warning behavior.
- For Public Preview, opt-in via the toggle in Teams Admin Center > Messaging settings.
- Learn more:
[Compliance considerations:]
| Compliance Area | Explanation |
|---|---|
| New data storage | URLs flagged as malicious may be stored temporarily. |
| Data processing changes | Messages are re-evaluated post-delivery for URL verdict changes, altering how message content is processed. |
| AI/ML capabilities | URL verdicts are determined using Microsoft Defender’s threat intelligence and ML-based detection. |
| Admin control | Admins can enable/disable the feature via Teams Admin Center. |
| Entra ID group control | Feature settings can be scoped using Entra ID group membership. |