In a significant security enhancement announced today, Microsoft has successfully rolled out SafeLinks protection worldwide for M365 Copilot Chat across Desktop, Web, Outlook Mobile, Teams Mobile, and the Microsoft 365 Copilot Mobile app on both iOS and Android platforms. 

This integration provides crucial time-of-click URL protection for hyperlinks generated in AI-powered responses, addressing growing cybersecurity concerns in the rapidly evolving AI landscape.

The SafeLinks feature, a core component of Microsoft Defender for Office 365, now automatically analyzes URLs presented in Copilot Chat responses at the moment of clicking, scanning for potential threats before allowing users to access the destination. 

This real-time protection works by wrapping original URLs with a security-checking mechanism that evaluates link safety without disrupting the user experience.

“As AI continues to evolve, so do the threats that come with it,” reads the Microsoft’s official blog. 

“At Microsoft, we are dedicated to staying ahead of these threats and providing our customers with the tools they need to stay secure.”

M365 Copilot Chat Security Enhancements

The implementation delivers three key enhancements to M365 Copilot Chat security:

First, users with Microsoft Defender for Office 365 Plan 1 or Plan 2 subscriptions receive full SafeLinks protection, with no additional policy configuration required. 

When potentially malicious links are detected, users are presented with warning screens preventing access to dangerous sites. 

Security Operations Center analysts can track these events through the Microsoft Defender Security Center, where URL protection reports display comprehensive summaries of threats detected and actions taken.

Second, for organizations without Microsoft Defender for Office 365 subscriptions, M365 Copilot Chat now includes native time-of-click URL reputation checking for all hyperlinks in chat responses.

This ensures baseline protection even without the full SafeLinks implementation.

Third, M365 Copilot Chat no longer redacts hyperlinks in chat responses when they appear in the grounding data used to generate responses, improving usability while maintaining security.

SafeLinks Integration in M365 Copilot Chat and Office Apps

The technical integration functions through the SafeLinks API, which evaluates URLs against Microsoft’s continuously updated threat intelligence database. 

This security enhancement comes as part of Microsoft’s broader effort to secure AI-powered communications. The worldwide rollout began in March 2025 and is scheduled for completion by late May 2025.

Looking ahead, Microsoft has confirmed that SafeLinks protection will extend to Copilot App Chats for Word, PowerPoint, and Excel, creating a comprehensive security ecosystem across the Microsoft 365 platform.

The integration addresses mounting concerns about AI tools potentially surfacing malicious links, especially as organizations increasingly incorporate these technologies into their workflows. 

With SafeLinks protection now active in Copilot Chat, Microsoft positions its AI offerings as both innovative and secure, balancing enhanced functionality with essential security controls.

Vulnerability Attack Simulation on How Hackers Rapidly Probe Websites for Entry Points – Free Webinar