December 3, 2024
Safe Links is a feature in Microsoft Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection or ATP) that helps protect your organization from malicious hyperlinks in email messages. When an email contains a hyperlink, Safe Links checks the URL against a list of known malicious links. If the link is safe, the user can access the website normally. However, if the link is malicious, Safe Links blocks access to the website and alerts the user and administrators.

Safe Links also provides time-of-click protection, which means it checks the link when the user clicks on it rather than when the email is received. This is important because an initially safe link could become malicious after the email was delivered.

To create a Safe Links policy in Microsoft Defender for Office 365, you can follow these general steps:

1. Log in to the Microsoft Defender portal using your organization’s credentials.

https://security.microsoft.com/

2. Expand Email & collaboration on the Microsoft Defender page and select Policies & rules.

3. Select Threat policies on the Policies & rules page.

4. Select Safe Links under Policies.

5. Click Create on the Safe Links page.

6. On the Name your policy page, enter a unique Name and description for the policy. Click Next.

7. On the Users and domains page, select the Domains to which the policy applies and click Next.

8. In the Email section of the URL & click protection settings page, turn the setting on so that Safe Links scans your email messages. Links found in an email message are checked against Microsoft’s threat intelligence. If a link is found to be malicious, it is rewritten so that you know it is malicious, and users are blocked from accessing it. You can also scope this policy to messages sent within the organization.

You can leverage real-time URL scanning for suspicious links that point to files. These files could be downloadable content. You can configure the policy to pause delivery of the message while the scan is in progress.

You might have URLs internal to your organization that you do not want to be rewritten. Select Do not rewrite URLs and define the URLs that should not be rewritten.

9. In the Teams section of the URL & click protection settings page, note that Safe Links works across the Microsoft ecosystem. You can apply the same scanning technology to Microsoft Teams and the messages it contains.

10. In the Office 365 Apps section of the URL & click protection settings page, you can define Safe Links protection for Office 365 applications. These settings do not refer to email messages. They cover links inside Office documents, including documents attached to an email message.

11. In the Click protection settings section of the URL & click protection settings page, you can track user clicks. You can also let users click through to the original URL. In that case they are presented with a warning page and then decide whether to browse to the original URL.

You can leverage organization branding for notification and warning pages. Click Next.

12. On the Notification page, click Next to use the default notification text. You can also define your own.

13. Click Submit on the Review page.

14. Confirm that the new Safe Links policy was created and click Done.

15. You will notice that the new custom Safe Links policy has a priority of 0. This means it now takes the highest priority.
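The same policy can also be built and verified from Exchange Online PowerShell, which makes the settings reviewable and repeatable. This is an added example, not part of the original post; the policy name, description, `contoso.com` values and the decision to disallow click-through are assumptions chosen for illustration.

```powershell
# Added example: scripted equivalent of portal steps 6-15.
# Requires the ExchangeOnlineManagement module and a role that can manage Safe Links.
Connect-ExchangeOnline

$policyName = 'Custom Safe Links - Example'        # placeholder name (step 6)

$policy = @{
    Name                       = $policyName
    AdminDisplayName           = 'Example custom Safe Links policy'   # description (step 6)

    # Step 8: Email section
    EnableSafeLinksForEmail    = $true    # scan and rewrite links in email
    EnableForInternalSenders   = $true    # also cover messages sent within the organization
    ScanUrls                   = $true    # real-time scan of suspicious links and links to files
    DeliverMessageAfterScan    = $true    # hold delivery until the scan completes
    DisableUrlRewrite          = $false   # keep rewriting on
    DoNotRewriteUrls           = @('intranet.contoso.com/*')   # placeholder internal URL

    # Step 9: Teams section
    EnableSafeLinksForTeams    = $true

    # Step 10: Office 365 Apps section
    EnableSafeLinksForOffice   = $true

    # Step 11: Click protection settings
    TrackClicks                = $true
    AllowClickThrough          = $false   # assumption: users may not bypass the warning page
    EnableOrganizationBranding = $false
}
New-SafeLinksPolicy @policy

# Step 7: the rule scopes the policy to recipients (placeholder domain)
# and sets its priority; 0 is evaluated first (step 15).
New-SafeLinksRule -Name $policyName -SafeLinksPolicy $policyName `
    -RecipientDomainIs 'contoso.com' -Priority 0

# Steps 14-15: confirm the policy exists, is enabled and sits at priority 0.
Get-SafeLinksRule | Sort-Object Priority |
    Format-Table Name, SafeLinksPolicy, State, Priority, RecipientDomainIs

Get-SafeLinksPolicy -Identity $policyName |
    Format-List Name, EnableSafeLinksForEmail, EnableSafeLinksForTeams,
                EnableSafeLinksForOffice, ScanUrls, DeliverMessageAfterScan,
                TrackClicks, AllowClickThrough, DoNotRewriteUrls
```

Keep the `DoNotRewriteUrls` list short and review it periodically, since every entry is a URL pattern that Safe Links will not rewrite.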

I hope you enjoy this post.

Cary Sun

X: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

Amazon Author: Amazon.com/author/carysun

Author: Cary Sun

Cary Sun has a wealth of knowledge and expertise in data center and deployment solutions. As a Principal Consultant, he likely works closely with clients to help them design, implement, and manage their data center infrastructure and deployment strategies.
With his background in data center solutions, Cary Sun may have experience in server and storage virtualization, network design and optimization, backup and disaster recovery planning, and security and compliance management. He holds CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1999. Cary is also a Microsoft Most Valuable Professional (MVP), Microsoft Azure MVP, Veeam Vanguard and Cisco Champion. He is a published author with several titles, including blogs on Checkyourlogs.net, and the author of many books.
Cary is a very active blogger at checkyourlogs.net and is permanently available online for questions from the community. His passion for technology is contagious, improving everyone around him at what they do.

Blog site: https://www.checkyourlogs.net
Web site: https://carysun.com
Blog site: https://gooddealmart.com
Twitter: @SifuSun
LinkedIn: https://www.linkedin.com/in/sifusun/
Amazon Author: https://Amazon.com/author/carysun