For years, security teams have poured resources into locking down the inbox, and for good reason. Email has always been the front door for phishing and social engineering. Unfortunately, another door has been left wide open: Microsoft Teams.
Threat actors are increasingly posing as IT helpdesk staff inside Microsoft Teams chats, exploiting the built-in trust employees place in their internal collaboration tools to steal credentials and take over accounts. And unlike email, these conversations happen completely outside the reach of most traditional security filters.
Our own data makes the scope of this exposure clear: 74% of surveyed organizations have external Teams access enabled with no domain restrictions in place. Just as concerning, many of these organizations have no clear internal owner responsible for that configuration, meaning a dangerous default can sit unnoticed and unaddressed indefinitely.
Closing the Gap Between Email and Chat
Today, we’re extending KnowBe4 Defend’s threat detection into Microsoft Teams, giving organizations a single, unified defense across the two communication channels attackers rely on most.
This isn’t a bolt-on integration. It’s the same behavioral AI and detection engine that already protects your inbox, now applied to external Teams conversations and a new layer of visibility into the Teams configurations that create risk in the first place.
What’s New
Continuous Chat Monitoring: Defend ingests messages from external Teams senders and runs them through a multi-layer detection engine, including URL blacklisting, antivirus scanning, and WHOIS analysis with the same rigor already applied to inbound email.
Automated Remediation, Your Way: Admins can choose Report Only mode to build confidence in detection accuracy before rolling out automation, or Block mode, which automatically removes dangerous messages from a user's chat before they can interact with them.
Posture Management for Teams: Detection is only half the battle. Many of these risks start with configuration. Defend now audits your Microsoft Teams Admin Center settings, surfacing vulnerable external-access defaults and providing guided steps to remediate them.
One Console with Unified Visibility: All Teams threat data lives natively inside the Defend console, including a new Recent Messages tab and a dedicated Teams Security Posture section. SOC teams get full visibility into both channels without switching tools or losing context.
Pairs Naturally with the Teams Phish Alert Button (PAB)
This isn’t KnowBe4’s first move into securing Microsoft Teams. Earlier this year, we launched the Phish Alert Button (PAB) for Microsoft Teams, giving end users the same one-click reporting experience in Teams that they already know from email. This gives your workforce a way to remain vigilant and report suspicious activity across all collaboration mechanisms.
Defend’s new Teams capabilities add that necessary protection before the message lands in the user’s Teams. Together, the two form a complete Teams security strategy: automated detection and posture management from Defend backed by an empowered, well-trained workforce equipped with the PAB for anything that end users want extra eyes on.
Collaborating Should Be Fun, Not Fearful
Microsoft Teams has become essential to how global teams get work done. It shouldn’t come with an asterisk. With Defend now securing both email and Teams, employees can collaborate the way they already do: quickly, informally and across external partners without fear of opening the door for attackers.
We’re not just protecting the inbox anymore. We’re protecting the conversation. Wherever it happens.
What to see how Defend secures both email and Microsoft Teams from a single console? Get a demo or visit the Defend product page to learn more.
