Microsoft Defender for Office 365: Message Warnings for Messages with Malicious URLs in Teams

Message ID: MC1150984
Service: Microsoft Defender XDR
Category: Plan for Change
Tags: New feature, User impact
Rollout: September 2025, November 2025
Roadmap ID: 502879
Platforms: Android, Desktop, iOS, Web

Summary

Microsoft Defender for Office 365 will introduce message warnings in Microsoft Teams for messages containing URLs flagged as Spam, Phish, or Malware. Starting with a public preview in September 2025 and general availability in November 2025, warnings will appear for both recipients and senders, enabled by default and manageable via Teams Admin Center.

Details

[Introduction]

To help users stay protected from malicious content, we’re introducing message warnings in Microsoft Teams. This new feature displays a warning banner on messages containing URLs flagged as Spam, Phish, or Malware—whether the message is internal or external. These warnings enhance user awareness and complement existing security protections like Safe Links and ZAP.

This post is associated with Roadmap ID 502879.

This message center post was created in collaboration with Microsoft Teams and is related to the Teams post MC1148539.

Figure i. Recipient View: Users will find a warning banner on messages containing malicious URLs.


Figure ii. Sender View: Senders will also be notified if their message includes a flagged URL.


[When this will happen:]

  • Public Preview (Worldwide): Begins early September 2025 and completes by mid-September 2025.
  • General Availability (Worldwide): Begins early November 2025 and completes by mid-November 2025.

[How this affects your organization:]

  • Who is affected: All Microsoft Defender for Office 365 (MDO) customers and Microsoft Teams enterprise customers.
  • What will happen:
    • Message warnings will appear in two scenarios:
      • Known Malicious URLs: If a URL is already identified as malicious, the message will be delivered with a warning.
      • Post-Delivery URLs: If a URL becomes malicious after delivery, a warning will be added retroactively for up to 48 hours.
    • Recipient View: Users will see a warning banner on messages containing malicious URLs.
    • Sender View: Senders will also be notified if their message includes a flagged URL.
    • The feature will be enabled by default at General Availability.
    • Admins can manage the feature via Teams Admin Center > Messaging settings.
    • If at least one tenant has the feature enabled, message warnings will be active across the tenant.
    • Message warnings work alongside existing protections:
      • Safe Links: Continues to provide time-of-click protection in Teams.
      • ZAP message blocking: If ZAP is enabled, ZAP blocks take precedence over message warnings.

[What you can do to prepare:]

[Compliance considerations:]

| Compliance Area | Explanation |
|---|---|
| New data storage | URLs flagged as malicious may be stored temporarily. |
| Data processing changes | Messages are re-evaluated post-delivery for URL verdict changes, altering how message content is processed. |
| AI/ML capabilities | URL verdicts are determined using Microsoft Defender’s threat intelligence and ML-based detection. |
| Admin control | Admins can enable/disable the feature via Teams Admin Center. |
| Entra ID group control | Feature settings can be scoped using Entra ID group membership. |
