Configure global settings for Safe Links in Microsoft Defender for Office 365

Important

The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new. This topic might apply to both Microsoft Defender for Office 365 and Microsoft 365 Defender. Refer to the Applies To section and look for specific call-outs in this article where there might be differences.

Applies to

Important

This article is intended for business customers who have Microsoft Defender for Office 365. If you are a home user looking for information about Safelinks in Outlook, see Advanced Outlook.com security.

Safe Links is a feature in Microsoft Defender for Office 365 that provides URL scanning of inbound email messages in mail flow, and time-of-click verification of URLs and links in email messages and in other locations. For more information, see Safe Links in Microsoft Defender for Office 365.

You configure most Safe Links settings in Safe Links policies. For instructions, see Set up Safe Links policies in Microsoft Defender for Office 365.

However, Safe Links also uses global settings that apply to all users who are included in any active Safe Links policies. These global settings are:

You can configure the global Safe Links settings in the Security & Compliance Center or in PowerShell (Exchange Online PowerShell for eligible Microsoft 365 organizations with mailboxes in Exchange Online; standalone EOP PowerShell for organizations without Exchange Online mailboxes, but with Microsoft Defender for Office 365 add-on subscriptions).

What do you need to know before you begin?

Configure the "Block the following URLs" list in the Security & Compliance Center

The Block the following URLs list identifies the links that should always be blocked by Safe Links scanning in supported apps. For more information, see "Block the following URLs" list for Safe Links.

  1. In the Security & Compliance Center, go to Threat management > Policy > ATP Safe Links, and then click Global settings.

  2. In the Safe Links policy for your organization flyout that appears, go to the Block the following URLs box.

  3. Configure one or more entries as described in Entry syntax for the "Block the following URLs" list.

    When you're finished, click Save.

Configure the "Block the following URLs" list in PowerShell

For details about the entry syntax, see Entry syntax for the "Block the following URLs" list.

You can use the Get-AtpPolicyForO365 cmdlet to view existing entries in the BlockURLs property.

  • To add values that will replace any existing entries, use the following syntax in Exchange Online PowerShell or Exchange Online Protection PowerShell:

    Set-AtpPolicyForO365 -BlockUrls "Entry1","Entry2",..."EntryN"
    

    This example adds the following entries to the list:

    • Block the domain, subdomains, and paths for fabrikam.com.
    • Block the subdomain research, but not the parent domain or other subdomains in tailspintoys.com.

    Set-AtpPolicyForO365 -BlockUrls "fabrikam.com","https://research.tailspintoys.com*"
    
  • To add or remove values without affecting other existing entries, use the following syntax:

    Set-AtpPolicyForO365 -BlockUrls @{Add="Entry1","Entry2"...; Remove="Entry3","Entry4"...}
    

    This example adds a new entry for adatum.com, and removes the entry for fabrikam.com.

    Set-AtpPolicyForO365 -BlockUrls @{Add="adatum.com"; Remove="fabrikam.com"}
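
Because the plain `-BlockUrls "Entry1","Entry2"` form replaces the whole list, a safer routine update computes only the difference and applies it with the Add/Remove form. The following is an added example, not part of the original article or Microsoft's code; the helper name `Get-BlockUrlDelta`, the desired list, and the offline sample list (including `contoso-old.example`) are constructed for illustration.

```powershell
# Added example: reconcile the global "Block the following URLs" list with a desired set.
function Get-BlockUrlDelta {
    param([string[]]$Current = @(), [string[]]$Desired = @())
    # Normalize: trim, drop empties, de-duplicate (comparisons are case-insensitive).
    $cur = @($Current | ForEach-Object { "$_".Trim() } | Where-Object { $_ } | Sort-Object -Unique)
    $des = @($Desired | ForEach-Object { "$_".Trim() } | Where-Object { $_ } | Sort-Object -Unique)
    $add    = @($des | Where-Object { $cur -notcontains $_ })
    $remove = @($cur | Where-Object { $des -notcontains $_ })
    $delta = @{}
    if ($add.Count)    { $delta['Add']    = $add }
    if ($remove.Count) { $delta['Remove'] = $remove }
    $delta   # an empty hashtable means there is nothing to change
}

# Constructed sample data: the entries the list should contain.
$desired = 'fabrikam.com', 'https://research.tailspintoys.com*', 'adatum.com'

if (Get-Command Get-AtpPolicyForO365 -ErrorAction SilentlyContinue) {
    # Connected Exchange Online / EOP PowerShell session: read the live list.
    $current = @((Get-AtpPolicyForO365).BlockUrls)
} else {
    # Offline: constructed current list that contains one stale entry.
    $current = 'fabrikam.com', 'contoso-old.example'
}

$delta = Get-BlockUrlDelta -Current $current -Desired $desired
if ($delta.Count -eq 0) {
    'Block list already matches the desired entries.'
} elseif (Get-Command Set-AtpPolicyForO365 -ErrorAction SilentlyContinue) {
    # Apply only the difference; entries not named here are left untouched.
    Set-AtpPolicyForO365 -BlockUrls $delta
    (Get-AtpPolicyForO365).BlockUrls   # confirm the resulting list
} else {
    $delta   # offline: show what would be added and removed
}
```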
    

Safe Links protection for Office 365 apps applies to documents in supported Office desktop, mobile, and web apps. For more information, see Safe Links settings for Office 365 apps.

  1. In the Security & Compliance Center, go to Threat management > Policy > ATP Safe Links, and then click Global settings.

  2. In the Safe Links policy for your organization flyout that appears, configure the following settings in the Settings that apply to content except email section:

    • Office 365 applications: Verify the toggle is to the right to enable Safe Links for supported Office 365 apps: Toggle on.

    • Do not track when users click Safe Links: Move the toggle to the left to track user clicks related to blocked URLs in supported Office 365 apps: Toggle off.

    • Do not let users click through Safe Links to the original URL: Verify the toggle is to the right to prevent users from clicking through to the original blocked URL in supported Office 365 apps: Toggle on.

    When you're finished, click Save.

If you'd rather use PowerShell to configure Safe Links protection for Office 365 apps, use the following syntax in Exchange Online PowerShell or Exchange Online Protection PowerShell:

Set-AtpPolicyForO365 [-EnableSafeLinksForO365Clients <$true | $false>] [-AllowClickThrough <$true | $false>] [-TrackClicks <$true | $false>]

This example configures the following settings for Safe Links protection in Office 365 apps:

  • Safe Links for Office 365 apps is turned on (we aren't using the EnableSafeLinksForO365Clients parameter, and the default value is $true).
  • User clicks related to blocked URLs in supported Office 365 apps are tracked.
  • Users are not allowed to click through to the original blocked URL in supported Office 365 apps (we aren't using the AllowClickThrough parameter, and the default value is $false).

Set-AtpPolicyForO365 -TrackClicks $true

For detailed syntax and parameter information, see Set-AtpPolicyForO365.

How do you know these procedures worked?

To verify that you've successfully configured the global settings for Safe Links (the Block the following URLs list and the Office 365 app protection settings), do any of the following steps:

  • In the Security & Compliance Center, go to Threat management > Policy > ATP Safe Links, click Global settings, and verify the settings in the flyout that appears.

  • In Exchange Online PowerShell or Exchange Online Protection PowerShell, run the following command and verify the settings:

    Get-AtpPolicyForO365 | Format-List BlockUrls,EnableSafeLinksForO365Clients,AllowClickThrough,TrackClicks
    

    For detailed syntax and parameter information, see Get-AtpPolicyForO365.
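
For recurring checks, the same verification can be scripted so that any drift from the intended values is reported instead of read by eye. The following is an added example, not part of the original article or Microsoft's code; the function name `Test-SafeLinksGlobalBaseline`, the baseline (taken from the example settings in this article), and the offline policy object are assumptions constructed for illustration.

```powershell
# Added example: report global Safe Links settings that differ from a baseline.
function Test-SafeLinksGlobalBaseline {
    param(
        [Parameter(Mandatory)] $Policy,
        [string[]]$RequiredBlockUrls = @()
    )
    # Expected values, matching the example configuration in this article.
    $baseline = [ordered]@{
        EnableSafeLinksForO365Clients = $true
        AllowClickThrough             = $false
        TrackClicks                   = $true
    }
    foreach ($name in $baseline.Keys) {
        if ($Policy.$name -ne $baseline[$name]) {
            [pscustomobject]@{ Setting = $name; Expected = $baseline[$name]; Actual = $Policy.$name }
        }
    }
    # Every required entry must be present in the block list.
    foreach ($url in $RequiredBlockUrls) {
        if (@($Policy.BlockUrls) -notcontains $url) {
            [pscustomobject]@{ Setting = 'BlockUrls'; Expected = $url; Actual = '(missing)' }
        }
    }
}

if (Get-Command Get-AtpPolicyForO365 -ErrorAction SilentlyContinue) {
    $policy = Get-AtpPolicyForO365   # connected session: check the live settings
} else {
    # Constructed sample: click-through left enabled and one block entry missing.
    $policy = [pscustomobject]@{
        BlockUrls                     = @('fabrikam.com')
        EnableSafeLinksForO365Clients = $true
        AllowClickThrough             = $true
        TrackClicks                   = $true
    }
}

$findings = @(Test-SafeLinksGlobalBaseline -Policy $policy -RequiredBlockUrls 'fabrikam.com', 'adatum.com')
if ($findings.Count) { $findings | Format-Table -AutoSize }
else { 'Global Safe Links settings match the baseline.' }
```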