DEMO: Configure Safe Links
Start course

This course shows how to set up Microsoft Defender for Microsoft 365 through a series of practical demonstrations from the Microsoft 365 platform. You will learn about some general cybersecurity practices before being shown how Microsoft Defender can help you implement them.

Learning Objectives

  • Understand how to protect against phishing, malware, and spam using Microsoft Defender
  • Learn about safe links and safe attachments and configure them
  • Learn how to enable zero-day malware protection

Intended Audience

This course is intended for those who wish to learn how to configure protection in Microsoft Defender for Office 365.


To get the most out of this course, you should have a basic understanding of Microsoft 365.


Hello and welcome back. In this lesson here, we're gonna create a safe links policy. Now, when we create a custom safe links policy, what we're doing here is creating the safe links rule and the associated safe links policy at the same time.

On the screen, I'm logged in to my Office 365 Security and Compliance center. I'm logged in as the global admin. To create a safe links policy from here, what we do is browse down under Threat Management here and then open up Policy. And then from this threat policies page, you can see the anti-phishing, the anti-spam, the anti-malware. And then what we're interested in here is this Safe Links policy option. We'll actually do Safe Attachments next. But for this exercise here we'll go ahead and protect our users from malicious links.

Now we can see here, as I mentioned previously, we don't have a default policy here for safe links. So if we want this protection, we need to create a policy. And that's what we're gonna do here. So go ahead and click Create. And then what we'll do here is provide some information. On this Name your policy page it's pretty self-explanatory I'll just call this Safe Links Policy. This red asterisk tells us that this information is required. We don't have a red asterisk for description, so, we're not gonna worry about that here and we'll just go ahead and click Next.

And now on this Settings page, we have a bunch of different settings that we can configure here. The option here for unknown potentially malicious URLs in messages. What this does is allow me to enable safe links protection for links in email messages. Now this option here for potentially malicious URLs within Teams allows us to enable safe links protections for links in Team conversations. So what we'll do here is we'll turn this on and we'll turn this on as well.

Now these other options here allow us to configure additional protection. Now, the apply real time URL scanning for suspicious links and links that point to files. What this option does is allow us to enable real time scanning of links in email messages. Now the sub-option here about waiting for URL scanning. What this does is allow us to configure our policy to wait for real-time URL scanning to complete before the message itself, the email itself gets delivered. So URLs get scanned before the messages even get delivered.

Now this option here about safe links in email messages sent within the organization. What this does is allow us to apply the safe links policy to messages that are sent between two internal senders and internal recipients. So, while a policy will typically apply just from external threats like mail coming from outside, checking this box allows us to apply that same policy to messages within our organization. The option here to not track user clicks. What this does is enable us to track user clicks on URLs in email messages. 

So by default, our policy is going to track users that click on links in their email messages. We can turn that off by clicking this box. And then the option here to not allow users to click through to the original URL. This option allows us to block users from clicking through to the original URL when it's shown in warning pages. So if there's a warning page that pops up to a user saying, "Hey, we have this problem with this URL," what we can do is ensure that our users can't click through that by selecting this option. And we'll do that here. I mean, it only makes sense, if you're a warning a user about a bad URL, why would you make it clickable? That's the point of this particular setting here. And then this last option here, Display the organization branding on notification and warning pages, this revolves around the actual branding of your warning pages. What you can do is you can display the logo from your organizational profile to let your users know that the warning is indeed coming from you. So it gives a little more comfort to your users knowing that the warning they're getting is legitimate because it's associated with your brand.

And this last option down the bottom, this "Do not rewrite the following URLs" option. What we can do is make exceptions for URLs. And what that does is allow access to specific URLs that might otherwise get blocked by the safe links policy. It's essentially a white list. So now that we have some of our settings configured here, what we'll do here is we'll Next this. And now on this page we can configure notification. We can either notify our users of an issue using the default notification text or we can use custom notification text. We'll just leave this at its default notification text option. We'll Next it. And then we need to tell the policy who it should get applied to.

So for this example here, we'll select a condition. Now we can also, by the way, specify exceptions to the rule. Who the rule is not applied to. But what we'll do here is select the recipient domain and we'll choose Berks batteries. So this is going to apply to all recipients in the domain. We'll Next it. And then we can review our settings. Clicking Finish creates the policy. And so at this point, we now have our safe links policy created. This will actually serve as the default policy at this point because it's the only policy that's been created. So with that, you now know how to create a safe links policy.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.