Set-SafeLinksPolicy

This cmdlet is available only in the cloud-based service.

Use the Set-SafeLinksPolicy cmdlet to modify Safe Links policies in your cloud-based organization.

Note: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see Connect to Exchange Online PowerShell.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Set-SafeLinksPolicy
   [-Identity] <SafeLinksPolicyIdParameter>
   [-AdminDisplayName <String>]
   [-AllowClickThrough <Boolean>]
   [-Confirm]
   [-DeliverMessageAfterScan <Boolean>
   [-DoNotAllowClickThrough <Boolean>]
   [-DoNotRewriteUrls <MultiValuedProperty>]
   [-DoNotTrackUserClicks <Boolean>]
   [-EnableForInternalSenders <Boolean>]
   [-EnableSafeLinksForTeams <Boolean>]
   [-ExcludedUrls <String[]>]
   [-IsEnabled <Boolean>]
   [-ScanUrls <Boolean>]
   [-TrackClicks <Boolean>]
   [-WhatIf]
   [-WhiteListedUrls <String>]
   [<CommonParameters>]

Description

Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site.

You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.

Examples

Example 1

Set-SafeLinksPolicy -Identity "Engineering Block URL" -TrackClicks $true

This example modifies the existing Safe Links policy named Engineering Block URL to track user clicks on URLs in URL trace.

Parameters

-AdminDisplayName

The AdminDisplayName parameter specifies a description for the policy. If the value contains spaces, enclose the value in quotation marks (").

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-AllowClickThrough

This parameter has been deprecated. Use the DoNotAllowClickThrough parameter instead.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-Confirm

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.
  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-DeliverMessageAfterScan

The DeliverMessageAfterScan parameter specifies whether to deliver email messages only after Safe Links scanning is complete. Valid values are:

  • $true: Wait until Safe Links scanning is complete before delivering the message. Messages that contain malicious links are not delivered.
  • $false: If Safe Links scanning can't complete, deliver the message anyway. This is the default value.
Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-DoNotAllowClickThrough

The DoNotAllowClickThrough parameter specifies whether to allow users to click through to the original URL on warning pages. Valid values are:

  • $true: The user isn't allowed to click through to the original URL.
  • $false: The user is allowed to click through to the original URL. This is the default value.
Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-DoNotRewriteUrls

The DoNotRewriteUrls parameter specifies the URLs that are not rewritten by Safe Links scanning. The list of entries allows users who are included in the policy to access the specified URLs that would otherwise be blocked by Safe Links.

You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".

For details about the entry syntax, see Entry syntax for the "Do not rewrite the following URLs" list.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-DoNotTrackUserClicks

The DoNotTrackUserClicks parameter specifies whether to track user clicks related to Safe Links protection of links in email messages. Valid values are:

  • $true: User clicks in email messages aren't tracked.
  • $false: User clicks in email messages are tracked. This is the default value.
Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-EnableForInternalSenders

The EnableForInternalSenders parameter specifies whether the Safe Links policy is applied to messages sent between internal senders and internal recipients within the same Exchange Online organization. Valid values are:

  • $true: The policy is applied to internal and external senders.
  • $false: The policy is applied only to external senders. This is the default value.
Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-EnableSafeLinksForTeams

Note: As of March 2020, this parameter is in Preview is available only for members of the Microsoft Teams Technology Adoption Program (TAP).

The EnableSafeLinksForTeams parameter specifies whether Safe Links is enabled for Microsoft Teams. Valid values are:

  • $true: Safe Links is enabled for Teams. When a user clicks a link in a Teams conversation, group chat, or from channels, the link is checked by Safe Links. If the link is found to be malicious, a warning page appears in the default web browser.
  • $false: Safe Links isn't enabled for Teams. This is the default value.
Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-ExcludedUrls

This parameter has been deprecated. Use the DoNotRewriteUrls parameter instead.

Type:String[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-Identity

The Identity parameter specifies the Safe Links policy that you want to modify.

You can use any value that uniquely identifies the policy. For example:

  • Name
  • Distinguished name (DN)
  • GUID
Type:SafeLinksPolicyIdParameter
Position:1
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-IsEnabled

The IsEnabled parameter specifies whether to enable Safe Links protection for email messages. Valid values are:

  • $true: Enable Safe Links protection for email messages. Rewrite URLs and check against a list of known malicious links whenever a user clicks a link in an email message.
  • $false: Disable Safe Links protection for email messages. Don't rewrite URLs and do not check clicked links in email messages. This is the default value.
Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-ScanUrls

The ScanUrls parameter specifies whether to enable or disable real-time scanning of clicked links in email messages. Valid values are:

  • $true: Real-time scanning of clicked links in email messages, including links that point to files, is enabled.
  • $false: Real-time scanning of clicked links in email messages, including links that point to files, is disabled. This is the default value.
Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-TrackClicks

This parameter is reserved for internal Microsoft use.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-WhatIf

The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-WhiteListedUrls

This parameter has been deprecated. Use the DoNotRewriteUrls parameter instead.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection

Inputs

Outputs