O365 Email Link Scanning Policy Modification Procedure

This admin procedure will provide background information on modifying an existing safe links threat policy.

Safe Links Threat Policy

Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites.

Procedure Scope: Administrators

Required Group Membership: Admin.EmailSecurity

Modifying a Safe Links Threat Policy

1. Navigate to Safe Links – O365 Defender, locate the policy you wish to alter.
   
2. Upon opening the policy, all the information of the policy will be displayed. 4 points of interest will be available to Edit. You can modify the sections as needed.
   1. Description: Adjust the description of the policy; a non-functional element that provides background information on the scope of what the policy is trying to accomplish.
      
   2. Users and Domains: Specifies the users, groups, or owned domains that this policy will be applied to; additionally, you can also specify exclusions if necessary.
      
   3. Protection Settings: Specifies the filters that will be applied to emails for a compliance match.
      
   4. Notifications Settings: Specifies how users will be notified the embedded link is being detonated and will be notified if it has failed.
      
3. Regardless of the section alterations are being made in the same procedure applies once the necessary changes have been made select Save.
   
4. Once all items have been reviewed, select Close to finalize modifications made to the policy.
   

You're Finished!