O365 Email Link Scanning Policy Creation Procedure

This admin procedure will provide background information on creating a safe links threat policy that will monitor URL scanning for inbound and outbound mail flow.

Safe Links Threat Policy

Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites.

Procedure Scope: Administrators

Required Group Membership: Admin.EmailSecurity

Creating a Safe Links Threat Policy

1. Navigate to Safe Links – O365 Defender, and select Create.
   
2. Provide the basic information to the policy such as name and description, should explain the policies’ purpose and scope of effect. Select Next to continue.
   
3. Next you will be able to supply assignments or exclusions to internal users, groups, and domains. Select Next to proceed.
   
4. A list of all the possible configuration settings will be listed, make sure to apply the necessary settings to fit the needs of your organization. Select Next to continue.
   
5. You can specify the notifications that will be sent to end users when their emails have been captured for safe links policy deferrals.
   
6. The review page will allow you to see all configured settings for the device control creation process, if you detect a discrepancy at this stage make note of the section and select Back to make alterations before finalization. If everything checks out, select Submit to publish the policy.
   
7. A prompt will be displayed detailing that the policy has been created and has been put into immediate effect. Select Done to finalize the creation process.
   

You're Finished!