Teams Security Baselines: Protected Links
Spending 10 minutes or less will help your M365 environment be a little more secure
In Oct. 2022, CISA released a document called Microsoft Teams: M365 Minimum Viable Secure Configuration Baseline. This document outlines 13 steps to take to raise your Microsoft Teams environment to a minimum viable security posture. In this series, we’ll take a look at these 13 steps over a series of articles.
Baseline 13: Protected Links
This baseline reads “Link Protection SHOULD Be Enabled.”
What is it?
To help protect against users clicking on malicious links, Microsoft Defender can be set to alter URLs to proxy them through a scanning service to check to see if the domain is on a block list or lists of other malicious sites. If the link points to a file, the file is scanned. After passing all the checks, the user is redirected back to the original URL.
Why is it bad?
Phishing is one of the most common attack vectors, and the use of malicious links is the primary tactic.
What should you know before enforcement?
Link scanning for Teams is configured outside of Teams in the Microsoft Security Center/Microsoft Defender portal at security.microsoft.com.
How do you enforce it?
Login to Microsoft Defender at security.microsoft.com and navigate to Email and collaboration —> Policies and rules. Select Threat policies —> Policies —> Safe links. Create a Safe Links policy (or edit an existing policy if this has already been configured).
Walk through the Safe Links policy wizard. For Teams specifically, there is one toggle for turning Safe Links on for Teams. While outside the scope of this article, you can also set up Safe Links for Exchange and O365 from this same wizard.
Note: The articles in the Security Baselines series aren’t being sent via the subscriber emails. Once the series is complete, I’ll be publishing a single article with links to all of the articles in the series.