設定 Microsoft Defender for Office 365 中的安全連結原則Set up Safe Links policies in Microsoft Defender for Office 365

重要

改良的 Microsoft 365 安全性中心現在可供公開預覽。The improved Microsoft 365 security center is now available in public preview. 這個新的體驗將適用於端點的 Defender、適用於 Office 365 的 Defender、Microsoft 365 Defender 和更多功能帶到 Microsoft 365 安全性中心裡面。This new experience brings Defender for Endpoint, Defender for Office, 365 Microsoft 365 Defender, and more into the Microsoft 365 security center. 了解新功能Learn what's new. 本主題僅適合適用於 Office 365 的 Microsoft Defender 和 Microsoft 365 Defender。This topic might apply to both Microsoft Defender for Office 365 and Microsoft 365 Defender. 請參閱 [適用於] 區段,並且尋找此文章中可能有所不同的特定圖說文字。Refer to the Applies To section and look for specific call outs in this article where there might be differences.

適用於Applies to

重要

本文適用於擁有適用於 Office 365 的 Microsoft Defender 的商務客戶。This article is intended for business customers who have Microsoft Defender for Office 365. 如果您是尋找 Outlook 中 Safelinks 相關資訊的家用使用者,請參閱 Advanced Outlook.com securityIf you are a home user looking for information about Safelinks in Outlook, see Advanced Outlook.com security.

安全連結是 Microsoft Defender For Office 365 中的一項功能,可在郵件流程中提供輸入電子郵件的 URL 掃描,並在電子郵件和其他位置中,按一下驗證 URLs 和連結。Safe Links is a feature in Microsoft Defender for Office 365 that provides URL scanning of inbound email messages in mail flow, and time of click verification of URLs and links in email messages and in other locations. 如需詳細資訊,請參閱 Microsoft Defender For Office 365 中的安全連結For more information, see Safe Links in Microsoft Defender for Office 365.

沒有內建或預設的安全連結原則。There's no built-in or default Safe Links policy. 若要取得 URLs 的安全連結掃描,您必須建立一個或多個安全連結原則,如本文所述。To get Safe Links scanning of URLs, you need to create one or more Safe Links policies as described in this article.

注意

您可以在安全連結原則 以外 的安全連結保護中,設定全域設定。You configure the global settings for Safe Links protection outside of Safe Links policies. 如需相關指示,請參閱 在 Microsoft Defender For Office 365 中設定安全連結的通用設定For instructions, see Configure global settings for Safe Links in Microsoft Defender for Office 365.

您可以使用 Exchange Online 中的信箱,設定安全性 & 合規性中心或 PowerShell (Exchange Online 365 PowerShell 中的安全連結原則;獨立 EOP PowerShell 適用于沒有 Exchange Online 信箱的組織,但搭配 Microsoft Defender for Office 365 附加元件訂閱) 。You can configure Safe Links policies in the Security & Compliance Center or in PowerShell (Exchange Online PowerShell for eligible Microsoft 365 organizations with mailboxes in Exchange Online; standalone EOP PowerShell for organizations without Exchange Online mailboxes, but with Microsoft Defender for Office 365 add-on subscriptions).

安全連結原則的基本元素如下:The basic elements of a Safe Links policy are:

  • 安全連結原則:開啟安全連結保護,開啟即時 URL 掃描,指定在傳遞郵件之前是否等候即時掃描,請開啟 [內部郵件的掃描],指定是否要在 URLs 追蹤使用者按一下,並指定是否允許使用者按一下原始 URL 的 trough。The safe links policy: Turn on Safe Links protection, turn on real-time URL scanning, specify whether to wait for real-time scanning to complete before delivering the message, turn on scanning for internal messages, specify whether to track user clicks on URLs, and specify whether to allow users to click trough to the original URL.
  • 安全連結規則:指定原則套用至) 的優先順序和收件者篩選 (。The safe links rule: Specifies the priority and recipient filters (who the policy applies to).

當您在安全性 & 合規性中心管理安全連結原則時,這兩個元素之間的差異並不明顯:The difference between these two elements isn't obvious when you manage Safe Links polices in the Security & Compliance Center:

  • 當您建立安全連結原則時,實際上是建立安全連結規則和關聯的安全連結原則,同時為這兩者使用相同的名稱。When you create a Safe Links policy, you're actually creating a safe links rule and the associated safe links policy at the same time using the same name for both.
  • 當您修改安全連結原則時,與名稱、優先順序、啟用或停用的設定或收件者篩選器相關的設定會修改安全連結規則。When you modify a Safe Links policy, settings related to the name, priority, enabled or disabled, and recipient filters modify the safe links rule. 所有其他設定都會修改相關聯的安全連結原則。All other settings modify the associated safe links policy.
  • 當您移除安全連結原則時,會移除安全連結規則和相關聯的安全連結原則。When you remove a Safe Links policy, the safe links rule and the associated safe links policy are removed.

在 Exchange Online PowerShell 或獨立 EOP PowerShell 中,您可以個別管理原則和規則。In Exchange Online PowerShell or standalone EOP PowerShell, you manage the policy and the rule separately. 如需詳細資訊,請參閱本文稍後的 使用 Exchange Online PowerShell 或獨立 EOP PowerShell 設定安全連結原則 一節。For more information, see the Use Exchange Online PowerShell or standalone EOP PowerShell to configure Safe Links policies section later in this article.

開始之前有哪些須知?What do you need to know before you begin?

在安全性 & 合規性中心建立自訂安全連結原則,會同時使用相同的名稱建立安全連結規則及相關聯的安全連結原則。Creating a custom Safe Links policy in the Security & Compliance Center creates the safe links rule and the associated safe links policy at the same time using the same name for both.

  1. 在 [安全性 & 規範中心] 中,移至 [ 威脅管理 > 原則 > ATP 安全連結]。In the Security & Compliance Center, go to Threat management > Policy > ATP Safe Links.

  2. 在 [ 安全連結 ] 頁面上,按一下 [ 建立]。On the Safe Links page, click Create.

  3. [ 新增安全連結原則 ] 嚮導隨即開啟。The New Safe Links policy wizard opens. 在 [ 命名您的原則 ] 頁面上,設定下列設定:On the Name your policy page, configure the following settings:

    • 名稱:輸入原則的唯一描述性名稱。Name: Enter a unique, descriptive name for the policy.

    • 說明:輸入原則的選擇性說明。Description: Enter an optional description for the policy.

    完成後,按 [下一步]。When you're finished, click Next.

  4. 在顯示的 [ 設定 ] 頁面上,設定下列設定:On the Settings page that appears, configure the following settings:

    • 在郵件中選取未知可能惡意 URLs 的動作:選取 [ 開啟 ],可對電子郵件中的連結啟用安全連結保護。Select the action for unknown potentially malicious URLs in messages: Select On to enable Safe Links protection for links in email messages.

    • 選取 Microsoft 小組中未知或可能惡意的 URLs 的動作:選擇 [ 開啟 ],可對小組中的連結啟用安全連結保護。Select the action for unknown or potentially malicious URLs within Microsoft Teams: Select On to enable Safe Links protection for links in Teams.

    • 對指向檔案的可疑連結和連結套用即時 URL 掃描:選取此設定可在電子郵件訊息中啟用連結的即時掃描。Apply real-time URL scanning for suspicious links and links that point to files: Select this setting to enable real-time scanning of links in email messages.

    • 等候 URL 掃描完成後,才能傳遞郵件:選取此設定可等到即時 URL 掃描完成之後,才會傳遞郵件。Wait for URL scanning to complete before delivering the message: Select this setting to wait for real-time URL scanning to complete before delivering the message.

    • 套用 安全連結至組織內傳送的電子郵件:選取此設定可將安全連結原則套用至內部寄件者和內部收件者之間的郵件。Apply Safe Links to email messages sent within the organization: Select this setting to apply the Safe Links policy to messages between internal senders and internal recipients.

    • 請勿追蹤使用者點擊:請 將此設定保留為未選取狀態,以啟用追蹤使用者按一下電子郵件中的 URLs。Do not track user clicks: Leave this setting unselected to enable the tracking user clicks on URLs in email messages.

    • 不允許使用者依序按一下原始 url:選取此設定可在 警告頁面中,禁止使用者按一下原始 url。Do not allow users to click through to original URL: Select this setting to block users from clicking through to the original URL in warning pages.

    • 請勿重新寫入下列 URLs:允許存取以安全連結封鎖的指定 URLs。Do not rewrite the following URLs: Allows access the specified URLs that would otherwise be blocked by Safe Links.

      在方塊中,輸入您想要的 URL 或值,然後按一下In the box, type the URL or value that you want, and then click 新增按鈕圖示..

      若要移除現有的專案,請選取該專案,然後按一下To remove an existing entry, select it and then click 刪除按鈕圖示..

      如需輸入語法,請參閱「 不要重新寫入下列 URLs 的輸入語法」清單For entry syntax, see Entry syntax for the "Do not rewrite the following URLs" list.

    如需這些設定的詳細資訊,請參閱 Microsoft 小組的電子郵件訊息和安全連結設定的安全連結設定For detailed information about these settings, see Safe Links settings for email messages and Safe Links settings for Microsoft Teams.

    如需標準和嚴格原則設定的建議值,請參閱 安全連結原則設定For more the recommended values for Standard and Strict policy settings, see Safe Links policy settings.

    完成後,按 [下一步]。When you're finished, click Next.

  5. 在出現的 [套用 ] 頁面上,識別套用原則的內部收件者。On the Applied to page that appears, identify the internal recipients that the policy applies to.

    您只能使用一個條件或一個例外狀況,但可以為條件或例外狀況指定多個值。You can only use a condition or exception once, but you can specify multiple values for the condition or exception. 相同條件或例外狀況的多個值使用 OR 邏輯 (例如,<recipient1><recipient2>)。Multiple values of the same condition or exception use OR logic (for example, <recipient1> or <recipient2>). 不同的條件或例外狀況則使用 AND 邏輯 (例如,<recipient1><member of group 1>)。Different conditions or exceptions use AND logic (for example, <recipient1> and <member of group 1>).

    按一下 [ 新增條件]。Click Add a condition. 在出現的下拉式清單中,選取 [ 適用于 下列條件的條件:In the dropdown that appears, select a condition under Applied if:

    • 收件者是:指定您組織中的一或多個信箱、郵件使用者或郵件連絡人。The recipient is: Specifies one or more mailboxes, mail users, or mail contacts in your organization.
    • 收件者以成員的身分存在於:指定您組織中的一或多個群組。The recipient is a member of: Specifies one or more groups in your organization.
    • 收件者網域為:指定組織中一或多個已設定公認網域中的收件者。The recipient domain is: Specifies recipients in one or more of the configured accepted domains in your organization.

    選取條件後,會出現對應的下拉式清單,其中有 其中 一個方塊。After you select the condition, a corresponding dropdown appears with an Any of these box.

    • 在方塊中按一下,並在值清單中向內移動,以選取。Click in the box and scroll through the list of values to select.
    • 按一下方塊中的 [開始輸入],以篩選清單並選取值。Click in the box and start typing to filter the list and select a value.
    • 若要新增其他值,請按一下方塊中的空白區域。To add additional values, click in an empty area in the box.
    • 若要移除個別專案, 請按一下  值上的 [移除移除圖示]。To remove individual entries, click Remove Remove icon on the value.
    • 若要移除整個條件,請按一下  條件上的 [移除移除圖示]。To remove the whole condition, click Remove Remove icon on the condition.

    若要新增其他條件,請按一下 [ 新增條件 ],然後選取 [套用 于 if 中的剩餘值]。To add an additional condition, click Add a condition and select a remaining value under Applied if.

    若要新增例外狀況,請按一下 [ 新增條件 ],然後選取 [ 除外 if] 底下的例外狀況。To add exceptions, click Add a condition and select an exception under Except if. 設定和行為就像是條件。The settings and behavior are exactly like the conditions.

    完成後,按 [下一步]。When you're finished, click Next.

  6. 在 [ 複查您的設定 ] 頁面上,複查您的設定。On the Review your settings page that appears, review your settings. 您可以按一下每個設定的 [ 編輯 ] 進行修改。You can click Edit on each setting to modify it.

    完成後,請按一下 [完成]When you're finished, click Finish.

  1. 在 [安全性 & 規範中心] 中,移至 [ 威脅管理 > 原則 > ATP 安全連結]。In the Security & Compliance Center, go to Threat management > Policy > ATP Safe Links.

  2. 在 [ 安全連結 ] 頁面上,從清單中選取一個原則,並按一下該原則 (不要) 選取此核取方塊。On the Safe Links page, select a policy from the list and click on it (don't select the check box).

    「即時」顯示原則詳細資料The policy details appear in a fly out

  1. 在 [安全性 & 規範中心] 中,移至 [ 威脅管理 > 原則 > ATP 安全連結]。In the Security & Compliance Center, go to Threat management > Policy > ATP Safe Links.

  2. 在 [ 安全連結 ] 頁面上,從清單中選取一個原則,並按一下該原則 (不要) 選取此核取方塊。On the Safe Links page, select a policy from the list and click on it (don't select the check box).

  3. 在 [原則詳細資料] 顯示的 [飛出] 中,按一下 [ 編輯原則]。In the policy details fly out that appears, click Edit policy.

[飛出] 中的可用設定與 [使用安全性 & 規範中心] 建立安全連結原則 一節中所述。The available settings in the fly out that appears are identical to those described in the Use the Security & Compliance Center to create Safe Links policies section.

若要啟用或停用原則或設定原則優先順序順序,請參閱下列各節。To enable or disable a policy or set the policy priority order, see the following sections.

  1. 在 [安全性 & 規範中心] 中,移至 [ 威脅管理 > 原則 > ATP 安全連結]。In the Security & Compliance Center, go to Threat management > Policy > ATP Safe Links.

  2. 請注意 [ 狀態 ] 欄中的值:Notice the value in the Status column:

    • 將切換開關向左移動以停用原則:Move the toggle to the left to disable the policy: 關閉原則..

    • 將切換開關向右移動以啟用原則:Move the toggle to the right to enable the policy: 開啟原則..

根據預設,安全連結原則的優先順序會根據在 (較舊的原則中所建立的順序,優先順序低於舊版的原則) 。By default, Safe Links policies are given a priority that's based on the order they were created in (newer polices are lower priority than older policies). 較小的優先順序數字表示原則的優先順序較高 (0 最高),原則是依據優先順序進行處理,較高優先順序的原則會在較低優先順序的原則前面進行處理。A lower priority number indicates a higher priority for the policy (0 is the highest), and policies are processed in priority order (higher priority policies are processed before lower priority policies). 不論有幾個原則,都不會具有相同的優先順序,且在套用第一個原則之後,原則處理就會停止。No two policies can have the same priority, and policy processing stops after the first policy is applied.

如需更多有關優先的排序及如何評估和應用多項原則,請參照 電子郵件保護的順序和優先順序For more information about the order of precedence and how multiple policies are evaluated and applied, see Order and precedence of email protection.

安全連結原則會以處理的順序顯示, (第一個原則的 Priority 值為 0) 。Safe Links policies are displayed in the order they're processed (the first policy has the Priority value 0).

注意

在安全性 & 規範中心,您只能在建立安全連結原則之後變更其優先順序。In the Security & Compliance Center, you can only change the priority of the Safe Links policy after you create it. 在 PowerShell 中,您可以在建立安全連結規則時覆寫預設優先順序 (這會影響現有規則) 的優先順序。In PowerShell, you can override the default priority when you create the safe links rule (which can affect the priority of existing rules).

若要變更原則的優先順序,請在清單中將原則上移或下移 (您無法在安全性與合規性中心直接修改 [優先順序] 數字)。To change the priority of a policy, move the policy up or down in the list (you can't directly modify the Priority number in the Security & Compliance Center).

  1. 在 [安全性 & 規範中心] 中,移至 [ 威脅管理 > 原則 > ATP 安全連結]。In the Security & Compliance Center, go to Threat management > Policy > ATP Safe Links.

  2. 在 [ 安全連結 ] 頁面上,從清單中選取一個原則,並按一下該原則 (不要) 選取此核取方塊。On the Safe Links page, select a policy from the list and click on it (don't select the check box).

  3. 在顯示的 [原則詳細資料] 中,按一下 [可用優先順序] 按鈕:In the policy details fly out that appears, click the available priority button:

    • 優先順序 值為 0 的安全連結原則只有「降低優先順序」按鈕可用。The Safe Links policy with the Priority value 0 has only the Decrease priority button available.

    • 具有最低 優先順序 值的安全連結原則 (例如, 3) 只有 [ 增加優先順序 ] 按鈕可用。The Safe Links policy with the lowest Priority value (for example, 3) has only the Increase priority button available.

    • 如果您有三個或更多的安全連結原則,則最高和最低優先順序值之間的原則都有可用的 [ 增加優先順序 ] 和 [ 降低優先順序 ] 按鈕。If you have three or more Safe Links policies, policies between the highest and lowest priority values have both the Increase priority and Decrease priority buttons available.

  4. 按一下 [ 增加優先順序 ] 或 [ 降低優先順序 ] 以變更 [ 優先順序 ] 值。Click Increase priority or Decrease priority to change the Priority value.

  5. 完成時,請按一下 [關閉]。When you're finished, click Close.

  1. 在 [安全性 & 規範中心] 中,移至 [ 威脅管理 > 原則 > ATP 安全連結]。In the Security & Compliance Center, go to Threat management > Policy > ATP Safe Links.

  2. 在 [ 安全連結 ] 頁面上,從清單中選取一個原則,並按一下該原則 (不要) 選取此核取方塊。On the Safe Links page, select a policy from the list and click on it (don't select the check box).

  3. 在顯示的 [原則詳細資料] 中,按一下 [ 刪除原則],然後在出現的警告對話方塊中按一下 [ 是]In the policy details fly out that appears, click Delete policy, and then click Yes in the warning dialog that appears.

如先前所述,安全連結原則包含安全連結原則和安全連結規則。As previously described, a Safe Links policy consists of a safe links policy and a safe links rule.

在 PowerShell 中,安全連結原則與安全連結規則之間的差異很明顯。In PowerShell, the difference between safe links policies and safe links rules is apparent. 您可以使用 * -SafeLinksPolicy Cmdlet 來管理安全連結原則,也可以使用 * -SafeLinksRule Cmdlet 來管理安全連結規則。You manage safe links policies by using the *-SafeLinksPolicy cmdlets, and you manage safe links rules by using the *-SafeLinksRule cmdlets.

  • 在 PowerShell 中,您必須先建立安全連結原則,然後建立安全連結規則,識別套用規則的原則。In PowerShell, you create the safe links policy first, then you create the safe links rule that identifies the policy that the rule applies to.
  • 在 PowerShell 中,您可以分別修改 [安全連結原則] 和 [安全連結] 規則中的設定。In PowerShell, you modify the settings in the safe links policy and the safe links rule separately.
  • 當您移除 PowerShell 的安全連結原則時,不會自動移除對應的安全連結規則,反之亦然。When you remove a safe links policy from PowerShell, the corresponding safe links rule isn't automatically removed, and vice versa.

在 PowerShell 中建立安全連結原則的過程包括兩個步驟:Creating a Safe Links policy in PowerShell is a two-step process:

  1. 建立安全連結原則。Create the safe links policy.
  2. 建立安全連結規則,以指定套用規則的安全連結原則。Create the safe links rule that specifies the safe links policy that the rule applies to.

注意

  • 您可以建立新的安全連結規則,並將現有的未關聯的安全連結原則指派給它。You can create a new safe links rule and assign an existing, unassociated safe links policy to it. 安全連結規則無法與一個以上的安全連結原則相關聯。A safe links rule can't be associated with more than one safe links policy.

  • 您可以在 [安全性 & 規範中心] PowerShell 中的新安全連結原則上設定下列設定,直到您建立原則為止:You can configure the following settings on new safe links policies in PowerShell that aren't available in the Security & Compliance Center until after you create the policy:

    • $false New-SafeLinksRule Cmdlet) 上,建立新原則做為已停用 (。Create the new policy as disabled (Enabled $false on the New-SafeLinksRule cmdlet).
    • <Number> New-SafeLinksRule Cmdlet) 上建立 (優先順序) 時,設定原則的優先順序。Set the priority of the policy during creation (Priority <Number>) on the New-SafeLinksRule cmdlet).
  • 您在 PowerShell 中建立的新安全連結原則不會顯示在安全性 & 規範中心,除非您將原則指派至安全連結規則。A new safe links policy that you create in PowerShell isn't visible in the Security & Compliance Center until you assign the policy to a safe links rule.

若要建立安全連結原則,請使用下列語法:To create a safe links policy, use this syntax:

New-SafeLinksPolicy -Name "<PolicyName>" [-AdminDisplayName "<Comments>"] [-IsEnabled <$true | $false>] [-EnableSafeLinksForTeams <$true | $false>] [-ScanUrls <$true | $false>] [-DeliverMessageAfterScan <$true | $false>] [-EnableForInternalSenders <$true | $false>] [-DoNotAllowClickThrough <$true | $false>] [-DoNotTrackUserClicks <$true | $false>] [-DoNotRewriteUrls "Entry1","Entry2",..."EntryN"]

注意

此範例會建立名為 Contoso 的安全連結原則,並提供下列值:This example creates a safe links policy named Contoso All with the following values:

  • 開啟電子郵件訊息中的 URL 掃描和重新寫入。Turn on URL scanning and rewriting in email messages.
  • 開啟小組中的 URL 掃描 (點擊 [只供預覽]) 。Turn on URL scanning in Teams (TAP Preview only).
  • 開啟已按一下的即時掃描 URLs,包括指向檔案的按一下連結。Turn on real-time scanning of clicked URLs, including clicked links that point to files.
  • 等候 URL 掃描完成後,才能傳遞郵件。Wait for URL scanning to complete before delivering the message.
  • 開啟內部郵件的 URL 掃描及重新寫入。Turn on URL scanning and rewriting for internal messages.
  • 追蹤與安全連結保護 (相關的使用者按一下。我們不會使用 DoNotTrackUserClicks 參數,而預設值則是 $false,這表示會追蹤) 的使用者按一下。Track user clicks related to Safe Links protection (we aren't using the DoNotTrackUserClicks parameter, and the default value is $false, which means user clicks are tracked).
  • 不允許使用者依序按一下原始 URL。Do not allow users to click through to the original URL.
New-SafeLinksPolicy -Name "Contoso All" -IsEnabled $true -EnableSafeLinksForTeams $true -ScanUrls $true -DeliverMessageAfterScan $true -EnableForInternalSenders $true -DoNotAllowClickThrough $true

如需詳細的語法及參數資訊,請參閱 New-SafeLinksPolicyFor detailed syntax and parameter information, see New-SafeLinksPolicy.

若要建立安全連結規則,請使用下列語法:To create a safe links rule, use this syntax:

New-SafeLinksRule -Name "<RuleName>" -SafeLinksPolicy "<PolicyName>" <Recipient filters> [<Recipient filter exceptions>] [-Comments "<OptionalComments>"] [-Enabled <$true | $false>]

此範例會建立名為 Contoso 的安全連結規則,且具有下列條件:This example creates a safe links rule named Contoso All with the following conditions:

  • 此規則會與名為 Contoso All 的安全連結原則相關聯。The rule is associated with the safe links policy named Contoso All.
  • 此規則會套用至 contoso.com 網域中的所有收件者。The rule applies to all recipients in the contoso.com domain.
  • 因為我們沒有使用 priority 參數,所以會使用預設的優先順序。Because we aren't using the Priority parameter, the default priority is used.
  • (未使用 enabled 參數時,也會啟用該規則,且預設值為 $true) 。The rule is enabled (we aren't using the Enabled parameter, and the default value is $true).
New-SafeLinksRule -Name "Contoso All" -SafeLinksPolicy "Contoso All" -RecipientDomainIs contoso.com

如需詳細的語法及參數資訊,請參閱 New-SafeLinksRuleFor detailed syntax and parameter information, see New-SafeLinksRule.

若要查看現有的安全連結原則,請使用下列語法:To view existing safe links policies, use the following syntax:

Get-SafeLinksPolicy [-Identity "<PolicyIdentity>"] [| <Format-Table | Format-List> <Property1,Property2,...>]

本範例會傳回所有安全連結原則的摘要清單。This example returns a summary list of all safe links policies.

Get-SafeLinksPolicy | Format-Table Name

此範例會傳回名為 Contoso 主管的安全連結原則的詳細資訊。This example returns detailed information for the safe links policy named Contoso Executives.

Get-SafeLinksPolicy -Identity "Contoso Executives"

如需詳細的語法及參數資訊,請參閱 Get-SafeLinksPolicyFor detailed syntax and parameter information, see Get-SafeLinksPolicy.

若要查看現有的安全連結規則,請使用下列語法:To view existing safe links rules, use the following syntax:

Get-SafeLinksRule [-Identity "<RuleIdentity>"] [-State <Enabled | Disabled] [| <Format-Table | Format-List> <Property1,Property2,...>]

本範例會傳回所有安全連結規則的摘要清單。This example returns a summary list of all safe links rules.

Get-SafeLinksRule | Format-Table Name,State

若要依啟用或停用篩選規則的清單,請執行下列命令:To filter the list by enabled or disabled rules, run the following commands:

Get-SafeLinksRule -State Disabled
Get-SafeLinksRule -State Enabled

此範例會傳回名為 Contoso 主管的安全連結規則的詳細資訊。This example returns detailed information for the safe links rule named Contoso Executives.

Get-SafeLinksRule -Identity "Contoso Executives"

如需詳細的語法及參數資訊,請參閱 Get-SafeLinksRuleFor detailed syntax and parameter information, see Get-SafeLinksRule.

您無法在 PowerShell 中重新命名安全連結原則 (Set-SafeLinksPolicy 指令程式沒有 Name 參數) 。You can't rename a safe links policy in PowerShell (the Set-SafeLinksPolicy cmdlet has no Name parameter). 當您在安全性 & 合規性中心重新命名安全連結原則時,您只會重新命名安全連結 規則When you rename a Safe Links policy in the Security & Compliance Center, you're only renaming the safe links rule.

在 PowerShell 中修改安全連結原則的唯一進一步考慮,就是 (「不要重新寫入下列 URLs」清單) 的 DoNotRewriteUrls 參數可用語法:The only additional consideration for modifying safe links policies in PowerShell is the available syntax for the DoNotRewriteUrls parameter (the "Do not rewrite the following URLs" list):

  • 若要新增將取代任何現有專案的值,請使用下列語法: "Entry1","Entry2,..."EntryN"To add values that will replace any existing entries, use the following syntax: "Entry1","Entry2,..."EntryN".
  • 若要新增或移除值,而不影響其他現有的專案,請使用下列語法: @{Add="Entry1","Entry2"...; Remove="Entry3","Entry4"...}To add or remove values without affecting other existing entries, use the following syntax: @{Add="Entry1","Entry2"...; Remove="Entry3","Entry4"...}

否則,當您建立安全連結原則時,可以使用相同的設定,如本文稍早的 步驟1:使用 PowerShell 建立安全連結原則 一節所述。Otherwise, the same settings are available when you create a safe links policy as described in the Step 1: Use PowerShell to create a safe links policy section earlier in this article.

若要修改安全連結原則,請使用下列語法:To modify a safe links policy, use this syntax:

Set-SafeLinksPolicy -Identity "<PolicyName>" <Settings>

如需詳細的語法及參數資訊,請參閱 Set-SafeLinksPolicyFor detailed syntax and parameter information, see Set-SafeLinksPolicy.

當您在 PowerShell 中修改安全連結規則時,唯一可用的設定是 Enabled 參數,可讓您建立已停用的規則。The only setting that's not available when you modify a safe links rule in PowerShell is the Enabled parameter that allows you to create a disabled rule. 若要啟用或停用現有的安全連結規則,請參閱下一節。To enable or disable existing safe links rules, see the next section.

否則,當您建立一個規則時,當您在本文稍早 [使用 步驟2:使用 PowerShell 建立安全連結規則 ] 區段所述時,就可以使用相同的設定。Otherwise, the same settings are available when you create a rule as described in the Step 2: Use PowerShell to create a safe links rule section earlier in this article.

若要修改安全連結規則,請使用下列語法:To modify a safe links rule, use this syntax:

Set-SafeLinksRule -Identity "<RuleName>" <Settings>

如需詳細的語法及參數資訊,請參閱 Set-SafeLinksRuleFor detailed syntax and parameter information, see Set-SafeLinksRule.

啟用或停用 PowerShell 中的安全連結規則可啟用或停用安全連結規則和指派的安全連結原則) (的整體安全連結原則。Enabling or disabling a safe links rule in PowerShell enables or disables the whole Safe Links policy (the safe links rule and the assigned safe links policy).

若要啟用或停用 PowerShell 中的安全連結規則,請使用下列語法:To enable or disable a safe links rule in PowerShell, use this syntax:

<Enable-SafeLinksRule | Disable-SafeLinksRule> -Identity "<RuleName>"

本範例會停用名為「行銷部門」的安全連結規則。This example disables the safe links rule named Marketing Department.

Disable-SafeLinksRule -Identity "Marketing Department"

此範例會啟用相同規則。This example enables same rule.

Enable-SafeLinksRule -Identity "Marketing Department"

如需詳細的語法及參數資訊,請參閱 Enable-SafeLinksRuleDisable-SafeLinksRuleFor detailed syntax and parameter information, see Enable-SafeLinksRule and Disable-SafeLinksRule.

您可以對規則設定的最高優先順序值為 0。The highest priority value you can set on a rule is 0. 您可以設定的最低值則取決於規則的數目。The lowest value you can set depends on the number of rules. 例如,如果您有五個規則,則您可以使用 0 到 4 的優先順序值。For example, if you have five rules, you can use the priority values 0 through 4. 變更現有規則的優先順序會對其他規則造成階層式影響。Changing the priority of an existing rule can have a cascading effect on other rules. 例如,如果您有五個自訂規則 (優先順序 0 到 4),而您將規則的優先順序變更為 2,則優先順序為 2 的現有規則會變更為優先順序 3,優先順序 3 的規則會變更為優先順序 4。For example, if you have five custom rules (priorities 0 through 4), and you change the priority of a rule to 2, the existing rule with priority 2 is changed to priority 3, and the rule with priority 3 is changed to priority 4.

若要設定 PowerShell 中安全連結規則的優先順序,請使用下列語法:To set the priority of a safe links rule in PowerShell, use the following syntax:

Set-SafeLinksRule -Identity "<RuleName>" -Priority <Number>

此範例會將規則 (名稱為 Marketing Department) 的優先順序設定為 2。This example sets the priority of the rule named Marketing Department to 2. 優先順序小於或等於 2 的所有現有規則會減 1 (它們的優先順序數字會加 1)。All existing rules that have a priority less than or equal to 2 are decreased by 1 (their priority numbers are increased by 1).

Set-SafeLinksRule -Identity "Marketing Department" -Priority 2

注意

若要在建立新規則時設定其優先順序,請改用 New-SafeLinksRule Cmdlet 上的 priority 參數。To set the priority of a new rule when you create it, use the Priority parameter on the New-SafeLinksRule cmdlet instead.

如需詳細的語法及參數資訊,請參閱 Set-SafeLinksRuleFor detailed syntax and parameter information, see Set-SafeLinksRule.

當您使用 PowerShell 來移除安全連結原則時,並不會移除對應的安全連結規則。When you use PowerShell to remove a safe links policy, the corresponding safe links rule isn't removed.

若要移除 PowerShell 中的安全連結原則,請使用下列語法:To remove a safe links policy in PowerShell, use this syntax:

Remove-SafeLinksPolicy -Identity "<PolicyName>"

此範例會移除名為「行銷部門」的安全連結原則。This example removes the safe links policy named Marketing Department.

Remove-SafeLinksPolicy -Identity "Marketing Department"

如需詳細的語法及參數資訊,請參閱 Remove-SafeLinksPolicyFor detailed syntax and parameter information, see Remove-SafeLinksPolicy.

當您使用 PowerShell 來移除安全連結規則時,並不會移除對應的安全連結原則。When you use PowerShell to remove a safe links rule, the corresponding safe links policy isn't removed.

若要移除 PowerShell 中的安全連結規則,請使用下列語法:To remove a safe links rule in PowerShell, use this syntax:

Remove-SafeLinksRule -Identity "<PolicyName>"

此範例會移除名為「行銷部門」的安全連結規則。This example removes the safe links rule named Marketing Department.

Remove-SafeLinksRule -Identity "Marketing Department"

如需詳細的語法及參數資訊,請參閱 Remove-SafeLinksRuleFor detailed syntax and parameter information, see Remove-SafeLinksRule.

若要確認安全連結正在掃描郵件,請檢查可用的 Microsoft Defender for Office 365 報告。To verify that Safe Links is scanning messages, check the available Microsoft Defender for Office 365 reports. 如需詳細資訊,請參閱 View For Office 365 的 Defender 報告使用 Explorer In Security & 合規性中心For more information, see View reports for Defender for Office 365 and Use Explorer in the Security & Compliance Center.

如何知道這些程序是否正常運作?How do you know these procedures worked?

若要確認您是否已成功建立、修改或移除安全連結原則,請執行下列任一步驟:To verify that you've successfully created, modified, or removed Safe Links policies, do any of the following steps:

  • 在 [安全性 & 規範中心] 中,移至 [ 威脅管理 > 原則 > ATP 安全連結]。In the Security & Compliance Center, go to Threat management > Policy > ATP Safe Links. 請確認原則的清單、其 狀態 值,以及其 優先順序 值。Verify the list of policies, their Status values, and their Priority values. 若要查看更多詳細資料,請從清單中選取原則,然後在 [飛出] 中查看詳細資料。To view more details, select the policy from the list, and view the details in the fly out.

  • 在 Exchange Online PowerShell 或 Exchange Online Protection PowerShell 中, <Name> 以原則或規則的名稱取代,執行下列命令,然後確認設定:In Exchange Online PowerShell or Exchange Online Protection PowerShell, replace <Name> with the name of the policy or rule, run the following command, and verify the settings:

    Get-SafeLinksPolicy -Identity "<Name>"
    
    Get-SafeLinksRule -Identity "<Name>"