Safe Links Policy [CHK-1059]
The Safe Links policy provides a security layer for Office documents and emails by checking and rewriting URLs, if necessary, at the time of clicking.
Rationale
Enabling Safe Links for Office extends phishing protection for documents and emails containing hyperlinks, even after they have been delivered to the user.
Fix
An automated fix is available through Attic.
Manual steps:
- Go to Microsoft 365 Defender
- Under Email & collaboration, select Policies & rules
- Select Threat policies and then Safe Links
- Click on +Create
- Give the policy a name and click Next
- In Domains, select all valid domains for the organization and click Next
- Ensure the following URL & click protection settings are set:
  - Email
    - Turn ON: Safe Links checks a list of known, malicious links when users click links in email. URLs are rewritten by default
    - Turn ON: Apply Safe Links to email messages sent within the organization
    - Turn ON: Apply real-time URL scanning for suspicious links and links that point to files
    - Turn ON: Wait for URL scanning to complete before delivering the message
    - Turn OFF: Do not rewrite URLs, do checks via Safe Links API only
  - Teams
    - Turn ON: Safe Links checks a list of known, malicious links when users click links in Microsoft Teams. URLs are not rewritten.
  - Office 365 Apps
    - Turn ON: Safe Links checks a list of known, malicious links when users click links in Microsoft Office apps. URLs are not rewritten.
  - Click protection settings
    - Turn ON: Track user clicks
    - Turn OFF: Let users click through the original URL
- Click Next twice and finally Submit
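To check the outcome of the manual steps, the PowerShell below is an added example (not part of the original page or of Attic's automated fix) that compares Safe Links policy objects against the settings listed above. The function name Test-SafeLinksPolicy is hypothetical, the mapping of each portal toggle to a Get-SafeLinksPolicy property is this example's assumption, and the sample policy is constructed so the check runs without a tenant connection.

```powershell
# Expected values for the settings in the manual steps, keyed by the
# Get-SafeLinksPolicy property assumed to back each portal toggle.
$Expected = [ordered]@{
    EnableSafeLinksForEmail  = $true   # Email: check links on click
    EnableForInternalSenders = $true   # Email: apply to internal messages
    ScanUrls                 = $true   # Email: real-time URL scanning
    DeliverMessageAfterScan  = $true   # Email: wait for scan before delivery
    DisableUrlRewrite        = $false  # Email: "Do not rewrite URLs" is OFF
    EnableSafeLinksForTeams  = $true   # Teams
    EnableSafeLinksForOffice = $true   # Office 365 Apps
    TrackClicks              = $true   # Click protection: track user clicks
    AllowClickThrough        = $false  # Click protection: no click-through
}

# Hypothetical helper: emits one row per setting that deviates from $Expected.
# A missing property ($null) is reported as a deviation as well.
function Test-SafeLinksPolicy {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Policy
    )
    process {
        foreach ($name in $Expected.Keys) {
            $actual = $Policy.$name
            if ($actual -ne $Expected[$name]) {
                [pscustomobject]@{
                    Policy   = $Policy.Name
                    Setting  = $name
                    Expected = $Expected[$name]
                    Actual   = $actual
                }
            }
        }
    }
}

# Constructed sample standing in for one Get-SafeLinksPolicy result; it has
# two deliberate deviations (internal senders off, click-through allowed).
$sample = [pscustomobject]@{
    Name = 'Example policy (constructed)'
    EnableSafeLinksForEmail = $true; EnableForInternalSenders = $false
    ScanUrls = $true; DeliverMessageAfterScan = $true; DisableUrlRewrite = $false
    EnableSafeLinksForTeams = $true; EnableSafeLinksForOffice = $true
    TrackClicks = $true; AllowClickThrough = $true
}
$sample | Test-SafeLinksPolicy | Format-Table -AutoSize

# Against a live tenant, after Connect-ExchangeOnline:
#   Get-SafeLinksPolicy | Test-SafeLinksPolicy | Format-Table -AutoSize
```

A policy with no deviations still only protects the recipients its rule covers; Get-SafeLinksRule shows which domains are attached to each policy.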
Impact
Users may notice a slight delay when opening a URL before being redirected to the requested site. Users should be informed of this change because, when a link is unsafe and blocked, they will see a notification that the site has been blocked.