Safe Links is a feature available in Microsoft 365 Defender that provides URL time-of-click verification and protection against malicious URLs. Configuring and managing Safe Links is an important part of the MS-203 Microsoft 365 Messaging exam.

Table of Contents

Understanding Safe Links

Safe Links is a pro-active defense mechanism that checks links in email messages, attachments, and Microsoft Teams messages, providing real-time, behind-the-scenes checks for potentially malicious links. When users click on a URL, Safe Links analyzes the URL for malicious behavior. If it’s identified as malicious, the user will be redirected to a warning page instead of the destination webpage.

The benefits of Safe Links include:

  • Real-Time URL Check: Links are checked in real-time to immediately assess risk and protect users.
  • Dynamic Delivery: Users can read and respond to email while attachments are being scanned.
  • URL Tracing: Provides insights into who clicked a malicious URL.

Configuring Safe Links

Safe Links is part of the Microsoft Defender for Office 365 Plan 2 subscription. Once subscribed, you can configure Safe Links in the Security & Compliance Center by the following steps:

  1. Navigate to ‘Threat Management’ > ‘Policy’
  2. Click ‘Safe Links’.
  3. Click ‘+ Create’ to create a new Safe Links policy, or choose an existing one to modify.
  4. In the new policy page, specify the name, settings, and recipients for the policy.
  5. Click ‘Save’.

Key settings that can be configured include:

  • ‘Do not track when users click safe links’: If you select this, click data will not be stored.
  • ‘Do not let users click through the safe links to the original URL’: If you select this, users will be prevented from bypassing the warning page.
  • ‘Use safe links in Office 365 ProPlus, Office for iOS and Android’: This wraps URLs in Office documents to provide time-of-click verification.

Managing Safe Links

To manage Safe Links, navigate to Microsoft 365 Defender portal > ‘Policy Management’ > ‘Threat Policies’ > ‘Anti-phishing’ or ‘Anti-spam’. From this platform, you can manage Safe Links policies. This includes viewing, editing, or removing existing policies, or creating new ones.

You also have the capability to specify different policies for different groups or users. This is especially useful in an organization with teams that have varying security needs.

Verifying Safe Links Policy

To ensure Safe Link policies are working as expected, Microsoft recommends sending a test email with a known mixed content to the configured users. The test will help validate the Safe Link actions and ensure the policy is correct.

In conclusion, Safe Links is an essential component in the Microsoft 365 suite to ensure users interact with safe content. In the MS-203 Microsoft 365 Messaging exam, a good understanding of how configure and manage Safe Links will be essential. Ensure you are conversant with every aspect related to Safe Links to improve your chances of acing the exam.

Practice Test

True or False: Safe Links is a feature in Office 365 Advanced Threat Protection that provides URL scanning and rewriting of inbound email messages in mail flow.

  • True
  • False

Answer: True

Explanation: Safe Links is indeed a feature of Office 365’s Advanced Threat Protection that provides real-time, time-of-click protection against malicious URLs by rewriting the original URL and routing the click through Safe Links for scanning.

Which of the following is not a component of configuring Safe Links in a policy setting?

  • a) Specify the recipient domains that the policy applies to
  • b) Specify the DNS zones to apply the policy to
  • c) Control whether Office 365 ATP Safe Links protection is tracked and logged
  • d) Allow click-through for Safe Links in messages

Answer: b) Specify the DNS zones to apply the policy to

Explanation: Safe Links policy setting does not involve specifying DNS zones. It involves specifying the recipient domains, allowing policy click-through, and controlling whether Safe Links protection is tracked and logged.

True or False: Safe Links protection is only applicable to URLs in email messages.

  • True
  • False

Answer: False

Explanation: Safe Links protection not only applies to URLs in email messages, but also in Office 365 ProPlus documents, Office Android and iOS apps, Teams, and other Microsoft Office 365 software.

What is the maximum number of Safe Links policies that you can create in Office 365?

  • a) 10
  • b) 745
  • c) 500
  • d) 60

Answer: c) 500

Explanation: You can create up to 500 Safe Links policies in Office

Can you selectively apply Safe Links protection to specific users or groups in a company?

  • a) Yes
  • b) No

Answer: a) Yes

Explanation: Safe Links protection can be applied to the company-wide level, to specific domains, or to specific groups or individual recipients.

True or False: Safe Link policies have a default mode to block unknown URLs.

  • True
  • False

Answer: False

Explanation: Safe Links policies do not have a default mode to block unknown URLs. This is a setting in the policy that administrators can choose to enable or disable.

Can Office 365 ATP Safe Links protection be applied to messages and URLs that are already delivered and found in users’ mailboxes?

  • a) Yes
  • b) No

Answer: b) No

Explanation: Safe Links protection does not apply to messages and URLs that are already delivered and in users’ mailboxes.

Which option in Safe Link policy setting allows users to continue to the original URL at their own risk?

  • a) User override
  • b) Do not track
  • c) Do not rewrite
  • d) Do not decrypt

Answer: a) User override

Explanation: The user override option in Safe Link policy setting allows users to continue to the original URL at their own risk, even if Safe Links identifies it as malicious.

If you select the “do not rewrite” option in Safe Link Policy, what will happen?

  • a) The links will be redirected to the original site without checking their safety.
  • b) The links will be checked for safety, but users can opt to proceed.
  • c) The links will not be altered and can be clicked without verification.
  • d) The links will be left unchanged, but still verified for safety.

Answer: a) The links will be redirected to the original site without checking their safety.

Explanation: When the “do not rewrite” option is selected, the link is not rewritten by Safe Links and hence, the user is not protected from any potential threat pose by the site.

True or False: Safe Links cannot provide real-time click-time analysis.

  • True
  • False

Answer: False

Explanation: Safe Links provides time-of-click verification, which means it provides real-time analysis of the website the user is trying to access.

Which apps are protected by Office 365 ATP Safe Links policies?

  • a) Microsoft Teams
  • b) Office 365 ProPlus
  • c) Office for iOS and Android
  • d) All of the above

Answer: d) All of the above

Explanation: Office 365 ATP Safe Links policies can offer protection to Microsoft Teams, Office 365 ProPlus, and Office for iOS and Android.

True or False: A Safe Links policy without any selected settings will still offer basic URL protection.

  • True
  • False

Answer: True

Explanation: Even without any specific settings selected, a Safe Links policy will still rewrite URLs and check them for safety, offering a basic level of protection against malicious websites.

How does Safe Links protect against potentially harmful links in email?

  • a) By blocking all links
  • b) By rewriting the links and checking them at the click time
  • c) By redirecting the links to a Microsoft-owned site
  • d) By sending the links to Microsoft for a security check

Answer: b) By rewriting the links and checking them at the click time

Explanation: Safe Links rewrites the URLs in the incoming emails and when a user clicks on the link, it checks the link for any potential threats.

True or False: Safe Links checks all URLs for potential threats, even those URLs that are in the organization’s email branding.

  • True
  • False

Answer: True

Explanation: Safe Links checks all URLs for threats, irrespective of the source of the email. The goal is to provide a secure environment for all users.

True or False: Safe Links can protect users only when they are using a Microsoft browser.

  • True
  • False

Answer: False

Explanation: Safe Links protects users regardless of the browser they are using to access their mailboxes.

Interview Questions

1. What is Safe Links in Microsoft 365?

Safe Links is a part of Microsoft Defender for Office 365 that provides URL scanning and rewriting of inbound email messages in mail flow, and time-of-click verification of URLs.

2. What threat does Safe Links protect against?

Safe Links helps protect against malicious links in email, Teams, and Office documents by scanning and checking links when they’re clicked.

3. How does Safe Links “time-of-click” protection work?

When a user clicks a rewrited URL (typically via email), Safe Links uses “time-of-click” protection that checks the URL for malicious content just before they’re taken there and blocks the URL if malicious content is found.

4. Can we configure Safe Links policies to specific employees or departments in the organization?

Yes, you can target Safe Links protection to specific users, groups of users, or across a whole domain.

5. What necessary steps are required to configure Safe Links in Microsoft 365?

To configure Safe Links, navigate to the Security & Compliance Center, create a new Safe Links policy or edit an existing one, specify the settings, and then enforce the policy.

6. Are Safe Links checked in real-time?

Yes, Safe Links are checked in real-time, at the time of click, for potentially malicious content.

7. Can a Safe Links policy be configured to deliver the message with the original URL instead of replacing it?

No, Safe Links doesn’t have a policy option to deliver messages with the original URL as it’s replaced with a safe URL and verified every time it’s clicked.

8. Is Safe Links able to protect users from downloaded malicious content from URLs?

Yes, Safe Links is able to protect users by checking downloaded content for malware.

9. Can Safe Links work with Microsoft Teams?

Yes, as of February 2021, Safe Links protection has been extended to Microsoft Teams.

10. What happens when a user clicks a malicious link protected by Safe Links?

When a user clicks a malicious link, Safe Links blocks the destination URL and displays a warning page to the user.

11. How can you verify that Safe Links is working correctly?

You can verify that Safe Links is working by checking the URL rewriting in messages. The rewritten URLs start with “https://nam01.safelinks.protection.outlook.com/”

12. Can Safe Links scanning be applied to internal emails within an organization?

Yes, you can choose to apply Safe Links protection to internal messages sent and received within the organization.

13. Is there a way for administrators to get reports on Safe Links?

Yes, administrators can use the Threat Protection Status report or use the Office 365 management activity API for detailed reporting.

14. Can Safe Links block a specific URL?

Yes, you can chose to block a specific URL by adding it to the Blocked URLs list on the Safe Links policy settings page.

15. Can end users override a link blocked by Safe Links?

Yes, but only if the Safe Links policy is configured to allow users to click through to the original URL.

Leave a Reply

Your email address will not be published. Required fields are marked *