MC1239187 – Defender for Office 365 URL click alerts now include Microsoft Teams

Summary

On February 26, 2026, Microsoft Defender for Office 365 (MDO) URL click alerts will now include Microsoft Teams messages. This update allows security teams to detect and investigate malicious link clicks in Teams, extending visibility beyond email without affecting user workflows.

Feature Rollout Timeline:

• Public Preview (Worldwide): Late February – Early March 2026
• General Availability (Worldwide): Early – Mid March 2026
• GCC/GCCH/DoD: Early – Late May 2026

Research Source

Reporting from Microsoft 365 Message Center (MC1239187) indicates that licensed organizations for Defender for Office 365 Plan 2 and Microsoft 365 E5 will automatically receive this feature. Alerts are surfaced in the Defender portal alongside existing email-based alerts.

Technical Details

The update adds Teams URL click alerts to two existing MDO alerts:
• A user clicked through to a potentially malicious URL
• A potentially malicious URL click was detected

These alerts include:
• Teams message content as evidence for investigations
• Incident correlation across email and Teams signals
• Display of Teams data directly in incident pages for faster context

Observed Benefits

• Detect threats earlier across both Teams and email
• Provide richer investigation context for SOC teams
• Reduce context switching during incident analysis
• Improve overall alert visibility and correlation

Impact

Affected Users: All Teams users in licensed organizations
Affected Teams: Security admins and SOC teams
User Experience: No change to end-user workflows

Mitigation / Preparation Steps

• Review and update alert workflows and incident response playbooks
• Inform SOC and helpdesk teams about Teams URL click alerts
• No additional configuration required; feature is enabled by default for eligible tenants

References:
https://mc.merill.net/message/MC1239187