Quickly configure Microsoft Teams protection in Microsoft Defender for Office 365

Even if you aren't using Microsoft Defender for Office 365 for email protection, you can still use it for Microsoft Teams protection.

This article contains the quick steps to turn on and configure Defender for Office 365 protection for Microsoft Teams.

What do you need to know before you begin?

  • You open the Microsoft Defender portal at https://security.microsoft.com.

  • You need to be assigned permissions before you can do the procedures in this article. You have the following options:

    • Microsoft Defender XDR Unified role based access control (RBAC) (If Email & collaboration > Defender for Office 365 permissions is Active. Affects the Defender portal only, not PowerShell): Authorization and settings/Security settings/Core Security settings (manage).

    • Email & collaboration permissions in the Microsoft Defender portal and Exchange Online permissions:

      • Membership in the Organization Management or Security Administrator role groups in Email & collaboration permissions and membership in the Organization Management role group in Exchange Online permissions.
    • Microsoft Entra permissions: Membership in the Global Administrator* or Security Administrator roles gives users the required permissions and permissions for other features in Microsoft 365.

      Important

      * Microsoft strongly advocates for the principle of least privilege. Assigning accounts only the minimum permissions necessary to perform their tasks helps reduce security risks and strengthens your organization's overall protection. Global Administrator is a highly privileged role that you should limit to emergency scenarios or when you can't use a different role.

  • Allow up to 30 minutes for a new or updated policy to be applied.

  • For more information about licensing requirements, see Licensing terms.

  • Teams integration deployment is part of the overall deployment process of Defender for Office 365. For more information, see Pilot and deploy Defender for Office 365.

Step 1: Verify Safe Attachments integration for Microsoft Teams

For complete instructions, see Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.

  1. In the Microsoft Defender portal, go to the Safe Attachments page at https://security.microsoft.com/safeattachmentv2.

  2. On the Safe Attachments page, select Global settings.

  3. In the Global settings flyout that opens, go to the Protect files in SharePoint, OneDrive, and Microsoft Teams section to verify Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams is On.

    If the value is Off, move the toggle to On, and then select Save.

Tip

  • You can't restrict Safe Attachments for SharePoint, OneDrive, and Microsoft Teams to Microsoft Teams only.
  • You can't scope Safe Attachments for SharePoint, OneDrive, and Microsoft Teams to specific users. It's on or off for everyone.

Step 2: Verify Safe Links integration for Microsoft Teams

For complete instructions, see Use the Microsoft Defender portal to modify custom Safe Links policies.

  1. In the Microsoft Defender portal, go to the Safe Links page at https://security.microsoft.com/safelinksv2.

  2. On the Safe Links page, verify Teams integration is turned on in any custom policies (policies with a numerical Priority value) by doing the following steps:

    1. Select the policy by clicking anywhere in the row other than the check box next to the first column.

    2. In the Teams section of the Protection settings section in the details flyout that opens, verify the value is On: Safe Links checks a list of known, malicious links when users click links in Microsoft Teams. URLs are not rewritten.

      If the value is Off, select Edit protection settings at the bottom of the Protection settings section. In the URL & click protection settings flyout that opens, select the check box in the Teams section, select Save, and then select Close.

    Repeat these steps on every custom Safe Links policy.

Important

Teams integration is on in the Built-in protection preset security policy, but any other Safe Links policies take precedence over the Built-in protection preset security policy (as shown in the order they're listed on the Safe Links page). So, ensure that Teams protection is enabled in these policies.

Step 3: Verify scanning of Microsoft Teams messages for unsafe links

Note

Currently, this feature is in Preview, isn't available in all organizations, and is subject to change.

You need to be assigned permissions before you can do the following procedure. Specifically, you need to be a member of the Teams Administrator or Global Administrator* roles in Microsoft Entra permissions.

Important

* Microsoft strongly advocates for the principle of least privilege. Assigning accounts only the minimum permissions necessary to perform their tasks helps reduce security risks and strengthens your organization's overall protection. Global Administrator is a highly privileged role that you typically limit to emergency scenarios or when you can't use a different role.

For more information about near real-time warning messages on known bad links in Microsoft Teams messages, see Microsoft Defender for Office 365 support for Microsoft Teams.

  1. In the Microsoft Teams admin center, go to the Message settings page at https://admin.teams.microsoft.com/messaging/settings.

  2. On the Message settings page, go to the Messaging safety section and verify the Scan messages for unsafe links toggle is On.

Step 4: Defender for Office 365 Plan 2: Verify Zero-hour auto purge (ZAP) for Microsoft Teams

For complete instructions, see Configure ZAP for Teams protection in Defender for Office 365 Plan 2.

  1. In the Microsoft Defender portal, go to the Microsoft Teams protection page at https://security.microsoft.com/securitysettings/teamsProtectionPolicy.

  2. On the Microsoft Teams protection page, verify the toggle in the Zero-hour auto purge (ZAP) section is On.

    If the value is Off, move the toggle to On, and then select Save.

Tip

When ZAP for Microsoft Teams is turned on, you can use Exclude these participants on the Microsoft Teams protection page to exclude users from Teams protection. For more information, see Configure ZAP for Teams protection in Defender for Office 365 Plan 2.

Step 5: Defender for Office 365 Plan 2: Configure user reported settings for Microsoft Teams

For complete instructions, see User reported message settings in Microsoft Teams.

  1. In the Teams admin center, go to the Settings & policies page at https://admin.teams.microsoft.com/one-policy/settings.

  2. On the Settings & policies page, select either the Global (Org-wide) default settings tab for all users or Custom policies for users & groups for specific users.

  3. On the tab, go to the Messaging section and select Messaging. If you selected the Custom policies for users & groups tab in the previous step, do one of the following steps to edit the specific policy:

    • Click on the policy name in the Name column.
    • Click anywhere in the row other than the Name column, and then select the Edit action that appears.
  4. In the policy details page that opens, find the Report a security concern toggle, and verify the value is On.

    If the value is Off, move the toggle to On, and then select Save.

  5. In the Teams admin center, go to the Messaging settings page at https://admin.teams.microsoft.com/messaging/settings.

  6. On the Messaging settings page, go to the Messaging safety section, find the Report incorrect security detections toggle, and verify the value is On.

    If the value is Off, move the toggle to On, and then select Save.

  7. In the Microsoft Defender portal, go to the User reported settings page at https://security.microsoft.com/securitysettings/userSubmission.

  8. On the User reported settings page, go to the Microsoft Teams section, and verify Monitor reported messages in Microsoft Teams is selected.

    If it's not selected, select the check box, and then select Save.
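
The portal checks in Steps 1, 2, 4 and part of Step 5 can also be read in one pass from PowerShell, which is useful when there are many custom Safe Links or Teams messaging policies to go through. The following read-only script is an added example, not part of the original article. It assumes sessions already opened with Connect-ExchangeOnline and Connect-MicrosoftTeams, and the mapping of the Step 5 check box to the two ReportChatMessage* properties is an assumption of this example.

```powershell
# Added example: read-only audit of the Teams protection settings from this article.
# Assumes Connect-ExchangeOnline and Connect-MicrosoftTeams have already been run.

$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding {
    param([string]$Step, [string]$Item, [string]$Setting, $Value)
    $findings.Add([pscustomobject]@{
        Step    = $Step
        Item    = $Item
        Setting = $Setting
        Value   = $Value
        # Anything that is not explicitly $true needs a look in the portal.
        Status  = if ($Value -eq $true) { 'OK' } else { 'REVIEW' }
    })
}

# Step 1: Safe Attachments for SharePoint, OneDrive, and Microsoft Teams (org-wide).
$atp = Get-AtpPolicyForO365
Add-Finding 'Step 1' $atp.Name 'EnableATPForSPOTeamsODB' $atp.EnableATPForSPOTeamsODB

# Step 2: Teams integration in every Safe Links policy. Custom policies take
# precedence over Built-in protection, so each policy is listed individually.
foreach ($policy in Get-SafeLinksPolicy) {
    Add-Finding 'Step 2' $policy.Name 'EnableSafeLinksForTeams' $policy.EnableSafeLinksForTeams
}

# Step 4: Zero-hour auto purge (ZAP) for Microsoft Teams.
$teamsProtection = Get-TeamsProtectionPolicy
Add-Finding 'Step 4' $teamsProtection.Name 'ZapEnabled' $teamsProtection.ZapEnabled

# Step 5: "Report a security concern" in the Global and custom messaging policies.
foreach ($messaging in Get-CsTeamsMessagingPolicy) {
    Add-Finding 'Step 5' $messaging.Identity 'AllowSecurityEndUserReporting' `
        $messaging.AllowSecurityEndUserReporting
}

# Step 5: user reported settings in the Defender portal. Assumption: monitoring is
# on when Teams reports go to Microsoft, to the reporting mailbox, or to both.
$submission = Get-ReportSubmissionPolicy
$teamsReporting = $submission.ReportChatMessageEnabled -or
                  $submission.ReportChatMessageToCustomizedAddressEnabled
Add-Finding 'Step 5' $submission.Name 'ReportChatMessage*Enabled' $teamsReporting

$findings | Sort-Object Step, Item | Format-Table -AutoSize
```

Rows marked REVIEW correspond to a toggle or check box that the matching step would find Off. Step 3 and the Report incorrect security detections toggle are not covered here and still need the Teams admin center check.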