How to Configure Custom Safe Links Policies in Microsoft Defender for Office 365

Safe Links is a feature in Microsoft Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection or ATP) that helps protect your organization from malicious hyperlinks in email messages. When an email contains a hyperlink, Safe Links checks the URL against a list of known malicious links. If the link is safe, the user can access the website normally. However, if the link is malicious, Safe Links blocks access to the website and alerts the user and administrators.

Safe Links also provides time-of-click protection, which means it checks the link when the user clicks on it rather than when the email is received. This is important because an initially safe link could become malicious after the email was delivered.

To create a Safe Links policy in Microsoft Defender for Office 365, you can follow these general steps:

1. Log in to the Microsoft Defender portal using your organization’s credentials.

https://security.microsoft.com/

2. Expand Email & collaboration on the Microsoft Defender page and select Policies & rules.

3. Select Threat policies on the Policies & rules page.

4. Select Safe Links in the Policies section.

5. Click Create on the Safe Links page.

6. On the Name your policy page, enter a unique Name and description for the policy. Click Next.

7. On the Users and domains page, you can select the Domains to which the policy applies and click Next.

8. In the Email section of the URL & click protection settings page, turn on Safe Links to have it scan your email messages. Links found within a message are checked against Microsoft’s threat intelligence. If a link is found to be malicious, it will be rewritten so that you know it is malicious, and users are blocked from accessing it. You can also scope this policy to messages sent within the organization.

You can leverage real-time URL scanning for suspicious links that point to files. These files could be downloadable content. You could define the policy to pause the delivery of the message while the scan is in progress.

You might have URLs internal to your organization that you do not want to be rewritten. You can select the Do not rewrite URLs option and define the URLs that should not be rewritten.

9. In the Teams section of the URL & click protection settings page, you can apply the same scanning to Microsoft Teams and the messages it contains, since Safe Links works across the Microsoft ecosystem.

10. In the Office 365 Apps section of the URL & click protection settings page, you can define Safe Links protection for Office 365 applications. These settings do not refer to email messages. They cover links found inside Office documents, which could also be attached to an email message.

11. In the Click protection settings section of the URL & click protection settings page, you can track user clicks. You could also enable users to click through to the original URL. This means they would be presented with a warning page, and then the user would decide whether to browse to the original URL.

You can leverage organization branding for notification and warning pages. Click Next.

12. On the Notification page, click Next to use the default notification text. You can also define your own.

13. Click Submit on the Review page.

14. Ensure the new Safe Links policy is created and click Done.

15. You will notice that the new custom Safe Links policy has a priority of 0. It means it’s now taking the highest priority.

I hope you enjoy this post.

Cary Sun

X: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

Amazon Author: Amazon.com/author/carysun
