Check provider logo

Safe Links policy is enabled and properly configured in Microsoft Defender for Office 365.

defender_safelinks_policy_enabled

Severitymedium
Servicedefender
by Prowler
email-securitye5

Microsoft Defender for Office 365 Safe Links is a feature that provides URL scanning and rewriting of inbound email messages, as well as time-of-click verification of URLs and links in email messages, Teams, and Office apps.

This check verifies that the Safe Links policy is properly configured with all recommended settings enabled.

Risk

Without properly configured Safe Links protection, users may be vulnerable to phishing attacks and malicious URLs in emails, Teams messages, and Office documents.

Attackers could bypass security by using URLs that redirect to malicious content after initial scanning.

Run this check with Prowler CLI

prowler m365 --checks defender_safelinks_policy_enabled

Run in Prowler Cloud

Recommendation

Enable and properly configure Safe Links policies to protect users from malicious URLs in emails, Teams, and Office applications. Ensure URL scanning and time-of-click verification are enabled across all communication channels.

Remediation

CLI

Set-SafeLinksPolicy -Identity 'Built-In Protection Policy' -EnableSafeLinksForEmail $true -EnableSafeLinksForTeams $true -EnableSafeLinksForOffice $true -TrackClicks $true -AllowClickThrough $false -ScanUrls $true -EnableForInternalSenders $true -DeliverMessageAfterScan $true -DisableUrlRewrite $false

Other
  1. Navigate to Microsoft 365 Defender at https://security.microsoft.com
  2. Click to expand Email & collaboration and select Policies & rules
  3. Select Threat policies
  4. Under Policies, select Safe Links
  5. Select or create a policy and configure these settings:
    • Enable Safe Links for Email: On
    • Enable Safe Links for Teams: On
    • Enable Safe Links for Office: On
    • Track user clicks: On
    • Let users click through to the original URL: Off
    • Scan URLs: On
    • Apply Safe Links to messages sent within the organization: On
    • Wait for URL scanning to complete before delivering the message: On
    • Do not rewrite URLs: Off
  6. Save the policy

Source Code

Resource Type

NotDefined

References

Related To

  • defender_antiphishing_policy_configured