Set up Safe Links Policies in Microsoft Defender for Office 365

Use the Microsoft 365 Defender portal to create Safe Links policies

Creating a custom Safe Links policy in the Microsoft 365 Defender portal creates the safe links rule and the associated safe links policy at the same time using the same name for both.

  1. In the Microsoft 365 Defender portal, go to Policies & rules > Threat Policies > Policies section > Safe Links.

  2. On the Safe Links page, click Create icon. Create.

  3. The New Safe Links policy wizard opens. On the Name your policy page, configure the following settings:

    • Name: Enter a unique, descriptive name for the policy.
    • Description: Enter an optional description for the policy.

    When you're finished, click Next.

  4. On the Users and domains page that appears, identify the internal recipients that the policy applies to (recipient conditions):

    • Users: The specified mailboxes, mail users, or mail contacts in your organization.
    • Groups: The specified distribution groups, mail-enabled security groups, or Microsoft 365 Groups in your organization.
    • Domains: All recipients in the specified accepted domains in your organization.

    Click in the appropriate box, start typing a value, and select the value that you want from the results. Repeat this process as many times as necessary. To remove an existing value, click remove Remove icon. next to the value.

    For users or groups, you can use most identifiers (name, display name, alias, email address, account name, etc.), but the corresponding display name is shown in the results. For users, enter an asterisk (*) by itself to see all available values.

    Multiple values in the same condition use OR logic (for example, <recipient1> or <recipient2>). Different conditions use AND logic (for example, <recipient1> and <member of group 1>).

    • Exclude these users, groups, and domains: To add exceptions for the internal recipients that the policy applies to (recipient exceptions), select this option and configure the exceptions. The settings and behavior are exactly like the conditions.

    When you're finished, click Next.

  5. On the Protection settings page that appears, configure the following settings:

    • Select the action for unknown potentially malicious URLs in messages: Select Off to disable Safe Links protection for links in email messages.

    • Select the action for unknown or potentially malicious URLs within Microsoft Teams: Select Off to disable Safe Links protection for links in Teams.

    • Do not track user clicks: Leave this setting unselected to enable the tracking user to clicks on URLs in email messages.

    • Do not allow users to click through to the original URL: Disable this option to allow users to click through to the original URL in warning pages.

    • Do not rewrite the following URLs: Allows access to the specified URLs that would otherwise be blocked by Safe Links.

      In the box, type the URL or value that you want, and then click Add. Repeat this step as many times as necessary.

      Here you need to add the domains in the following format: **

    When you're finished, click Next.

  6. On the Notification page that appears, select the value "Use the default notification text"

    When you're finished, click Next.

  7. On the Review page that appears, review your settings. You can select Edit in each section to modify the settings within the section. Or you can click Back or select the specific page in the wizard.

    When you're finished, click Submit.

  8. On the confirmation page that appears, click Done.

    * Please double-check if the created rules do not conflict with any existing rules in your setup. In case there is a conflict, please make sure the new rules have the highest priority.