Features Pricing
Learn
What is DMARC? What is SPF? What is DKIM? What is BIMI?
Free Tools
DMARC Checker SPF Checker DKIM Checker BIMI Checker MTA-STS Checker Blacklist Checker Header Analyzer Domain Scanner Phishing URL Checker Email Verification BIMI Logo Converter Academy Blog Docs About Contact
Sign in Start →

Microsoft Teams Integration

Connect Microsoft Teams to SpoofWard to receive alerts and reports directly in your team channels. SpoofWard uses incoming webhooks to deliver notifications, so you can route different alert types to different channels across your Teams workspace.

Business+ Feature

Microsoft Teams integration is available on Business and Enterprise plans. Pro plans can use basic Teams webhooks via Alert Channels.

Setting Up Incoming Webhooks in Teams

Before connecting SpoofWard, you need to create an incoming webhook in each Teams channel where you want to receive notifications.

Creating a Webhook in Microsoft Teams

  1. Open Microsoft Teams and navigate to the channel you want to receive alerts in
  2. Click the (More options) menu next to the channel name
  3. Select Connectors (or Manage channel → Connectors in newer versions)
  4. Find Incoming Webhook and click Configure
  5. Enter a name for the webhook (e.g., "SpoofWard Alerts")
  6. Optionally upload an icon for the webhook
  7. Click Create
  8. Copy the webhook URL that is generated — you will need this in SpoofWard
  9. Click Done
Important

Keep your webhook URLs secure. Anyone with the URL can post messages to your Teams channel. Do not share webhook URLs in public repositories or documentation.

Connecting Teams to SpoofWard

  1. Navigate to Settings → Integrations → Teams
  2. Click Add Teams Channel
  3. Enter a descriptive name for this connection (e.g., "Security Alerts Channel")
  4. Paste the incoming webhook URL you copied from Teams
  5. Click Verify to confirm the webhook is valid — a test message will appear in your Teams channel
  6. Click Save

Repeat this process for each Teams channel you want to use. You can add as many channels as needed.

Channel Mapping

After adding your Teams channels, configure which alert types are sent to each channel.

Available Alert Types

  • DNS Changes — Notifications when DNS records (DMARC, SPF, DKIM, MX) are added, modified, or removed
  • DMARC Failures — Alerts when email authentication failures exceed your configured thresholds
  • Threat Alerts — High-priority notifications for detected spoofing attempts, lookalike domains, or suspicious activity
  • Weekly Reports — Automated weekly summary of domain health, authentication rates, and threat activity
  • Domain Health Changes — Notifications when your DNS health score changes significantly
  • Certificate Alerts — Warnings about expiring TLS certificates or MTA-STS policy issues

Configuring Channel Mapping

  1. Navigate to Settings → Integrations → Teams
  2. Under Channel Mapping, click Add Mapping
  3. Select the alert type from the dropdown
  4. Select the target Teams channel from the list of channels you have connected
  5. Optionally set a minimum severity level (Low, Medium, High, Critical)
  6. Click Save

A common configuration for Teams environments:

  • Security Operations channel — Threat Alerts (High and Critical severity)
  • IT Infrastructure channel — DNS Changes, Domain Health Changes, Certificate Alerts
  • Email Administration channel — DMARC Failures
  • Management Reports channel — Weekly Reports

Notification Customization

Severity Filtering

Each channel mapping supports severity filtering to control the volume of notifications:

  • Low — Informational events such as successful routine scans
  • Medium — Notable events like minor configuration changes
  • High — Significant issues requiring prompt attention
  • Critical — Urgent situations like active spoofing attacks or DNS hijacking

Domain Filtering

If you manage multiple domains, you can filter notifications by domain under each channel mapping. Use the Domains selector to choose specific domains, or leave it set to All Domains for full coverage.

Message Format

SpoofWard sends Adaptive Card formatted messages to Teams. Each notification includes:

  • Alert type and severity (color-coded header)
  • Affected domain name
  • Event summary with key details
  • Action button linking directly to the relevant SpoofWard dashboard page
  • Timestamp

Testing the Integration

  1. Navigate to Settings → Integrations → Teams
  2. Click Send Test Notification next to any channel mapping
  3. Check the target Teams channel for the test card
  4. If the message does not appear, verify the webhook URL is still valid
Tip

If a webhook URL stops working, you may need to regenerate it in Teams. Webhook URLs can be invalidated if the connector is removed or the channel is deleted and recreated.

Managing Connections

  • Pause — Temporarily disable notifications to a specific Teams channel without removing the webhook configuration
  • Edit — Update the webhook URL or display name for a connected channel
  • Test — Send a test notification to verify the connection is active
  • Delete — Remove a Teams channel connection permanently

Troubleshooting

  • Notifications not arriving — Verify the webhook URL is still valid by sending a test. Check the delivery log under Settings → Integrations → Teams → Delivery Log.
  • Webhook URL rejected — Ensure the URL is a valid Microsoft Teams incoming webhook URL. It should start with https:// and contain webhook.office.com.
  • Cards not rendering — Adaptive Cards require a recent version of the Teams client. Update your Teams desktop or mobile app if cards appear as plain text.
  • Permission denied — You must be a channel owner or team admin to create incoming webhooks. Contact your Teams administrator if the Connectors option is not available.

Your domain is being tested right now.
Are you watching?

Protect your brand and improve deliverability — automatically, with continuous monitoring and alerts.

Start Free — No Credit Card View Pricing →