General
The Safe Links policy ensures that URLs in Office documents and emails are checked with Defender for Office at the time of clicking and rewritten if necessary.
Rationale
Safe Links for Office extends phishing protection for documents and emails containing hyperlinks, even after they have been delivered to the user.
Attic Fix
No fix is available for this check. Follow the advice by executing the manual instruction.
Manual Instruction
Perform these steps to adjust the setting:
- Go to Microsoft 365 Defender https://security.microsoft.com
- Under Email & collaboration, select Policies & rules
- Select Threat policies and then Safe Links
- Click on +Create
- Give the policy a name and click Next
- In Domains, select all valid domains for the organization and click Next
- Ensure the following URL & click protection settings are set:
  - Email
    - Turn ON: Safe Links checks a list of known, malicious links when users click links in email. URLs are rewritten by default
    - Turn ON: Apply Safe Links to email messages sent within the organization
    - Turn ON: Apply real-time URL scanning for suspicious links and links that point to files
    - Turn ON: Wait for URL scanning to complete before delivering the message
    - Turn OFF: Do not rewrite URLs, do checks via Safe Links API only
  - Teams
    - Turn ON: Safe Links checks a list of known, malicious links when users click links in Microsoft Teams. URLs are not rewritten.
  - Office 365 Apps
    - Turn ON: Safe Links checks a list of known, malicious links when users click links in Microsoft Office apps. URLs are not rewritten.
  - Click protection settings
    - Turn ON: Track user clicks
    - Turn OFF: Let users click through the original URL
    - There is no recommendation for Branding.
- Click Next twice and finally Submit
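To confirm the result without clicking through the portal, the settings above can be compared against the properties that `Get-SafeLinksPolicy` returns. The following is an added example, not part of the original check or of Attic's tooling; `Test-SafeLinksPolicy` and `$Baseline` are hypothetical names, and the sample policy object is constructed so the script runs offline.

```powershell
# Expected values: the portal settings above mapped to the property names
# used by Get-SafeLinksPolicy / Set-SafeLinksPolicy.
$Baseline = [ordered]@{
    EnableSafeLinksForEmail  = $true   # Email: check links on click
    EnableForInternalSenders = $true   # Email: apply to messages sent within the organization
    ScanUrls                 = $true   # Email: real-time URL scanning
    DeliverMessageAfterScan  = $true   # Email: wait for scanning before delivery
    DisableUrlRewrite        = $false  # Email: keep URL rewriting, not API-only checks
    EnableSafeLinksForTeams  = $true   # Teams
    EnableSafeLinksForOffice = $true   # Office 365 Apps
    TrackClicks              = $true   # Click protection: track user clicks
    AllowClickThrough        = $false  # Click protection: no click-through to original URL
}

# Hypothetical helper: emits one finding per setting that deviates from $Baseline.
function Test-SafeLinksPolicy {
    param([Parameter(Mandatory, ValueFromPipeline)][psobject]$Policy)
    process {
        foreach ($name in $Baseline.Keys) {
            $prop   = $Policy.PSObject.Properties[$name]
            $actual = if ($prop) { $prop.Value } else { $null }
            # A missing or non-boolean value counts as a deviation.
            if (-not (($actual -is [bool]) -and ($actual -eq $Baseline[$name]))) {
                [pscustomobject]@{
                    Policy   = $Policy.Name; Setting = $name
                    Expected = $Baseline[$name]; Actual = $actual
                }
            }
        }
    }
}

# Constructed sample policy with two deviations (click-through allowed, rewrite disabled).
$sample = [pscustomobject]@{
    Name                     = 'Constructed sample policy'
    EnableSafeLinksForEmail  = $true;  EnableForInternalSenders = $true
    ScanUrls                 = $true;  DeliverMessageAfterScan  = $true
    DisableUrlRewrite        = $true;  EnableSafeLinksForTeams  = $true
    EnableSafeLinksForOffice = $true;  TrackClicks              = $true
    AllowClickThrough        = $true
}
$findings = @($sample | Test-SafeLinksPolicy)
$findings | Format-Table -AutoSize

# In a connected Exchange Online PowerShell session, audit the tenant with:
#   Get-SafeLinksPolicy | Test-SafeLinksPolicy
```

An empty result means every checked setting matches the recommendation. The check covers policy settings only; which recipients or domains a policy applies to is defined separately and should be reviewed alongside it.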
Impact
Users may notice a slight delay when opening a URL before being redirected to the requested site. Users should be informed of this change as, in the event a link is unsafe and blocked, they will see a notification that the site has been blocked.
CIS Mapping
- CIS Item: 2.4 (L2) Ensure Safe Links for Office Applications is Enabled
- Profile: E5 Level 2
More Information
- https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links-policies-configure?view=o365-worldwide
- https://learn.microsoft.com/en-us/powershell/module/exchange/set-safelinkspolicy?view=exchange-ps
- https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/preset-security-policies?view=o365-worldwide