Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: MISCONFIGURATION
- FIX Available: YES
This Customer Check checks whether messages in Teams are scanned for unsafe links. When this feature is enabled, URLs that users receive or send within Teams are checked for a malicious reputation.
Why this check?
Microsoft Teams is a widely used communication platform within organizations. Attackers exploit this by sending malicious links via Teams messages. Users often trust messages within Teams more than emails, making them more likely to click on links without verifying them.
The Safe Links feature for Teams uses Microsoft Defender for Office 365 to check URLs in real-time when users click on them. If a link is identified as malicious, a warning is displayed to the user before the website opens. This prevents users from accessing phishing sites, malware, or other dangerous websites.
Without this protection, users are vulnerable to attacks via Teams messages, such as credential phishing, malware downloads, or business email compromise (BEC) attacks. It is therefore essential that this feature is enabled for all users.
What are the possible outcomes of this check?
This check has two possible outcomes. In Attic this is reflected as follows:
- Okay: Teams messages are scanned for unsafe links (UrlReputationCheck is enabled)
- Warning: Teams messages are NOT scanned for unsafe links, customer action is required
How should this be followed up?
If the output is Warning, we advise to enable URL reputation checking for Teams messages. This ensures that users are warned before they access potentially dangerous websites.
For this check, a Fix is available, which we will offer via Attic. The fix enables the UrlReputationCheck for Teams messages.
Manual Instructions
Follow these steps to manually adjust the setting:
- Open PowerShell and connect to Teams using the Teams PowerShell module with the command:
Connect-MicrosoftTeams - Check the current setting with the command:
Get-CsTeamsMessagingConfiguration -Identity Global | Select-Object UrlReputationCheck - Enable URL reputation checking with the command:
Set-CsTeamsMessagingConfiguration -Identity Global -UrlReputationCheck Enabled - Verify the change by repeating step 2. The value of UrlReputationCheck should now be "Enabled"
Comments
0 comments
Please sign in to leave a comment.