Information
Enabling the Advanced Threat Protection (ATP) Safe Links policy allows email messages that include URLs to be processed and rewritten if required. ATP Safe Links provides time-of-click verification of web addresses in email messages and Office documents.
Rationale:
ATP Safe Links extends phishing protection to include redirecting all email hyperlinks through a forwarding service which will block malicious ones even after the email has been delivered to the end user.
Impact:
When ATP Safe Links is enabled and configured, the impact on end users should be low. Users should be informed of the change because, if a link is unsafe and blocked, they will receive a message that it has been blocked.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To enable the Safe Links policy, use the Microsoft 365 Admin Center:
Click Security to open the Security portal.
Navigate to Threat management > Policy > Safe Links.
Click +Create, name the policy, then click Next.
Choose whether the policy will apply to Users, Groups, or Domains, then select Next.
Under Protection settings, click "On - URLs will be rewritten and checked against a list of known malicious links when user clicks on the link.", then select the same for Microsoft Teams.
Select the following options: "Apply Safe Links to email messages sent within the organization" and "Do not let users click through to the original URL", then click Next.
You may choose to use the default text or a custom text, then click Next.
Click Submit.
To enable the ATP Safe Links policy, use the Exchange Online PowerShell Module:
Connect using Connect-ExchangeOnline.
Run the following PowerShell command:
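# Retrieve the existing Safe Links policies; create one if none exists
$SafeLinksPolicy = Get-SafeLinksPolicy
If (-not $SafeLinksPolicy.Identity) {
    $SafeLinksPolicy = New-SafeLinksPolicy -Name 'Safe Links'
}
# Get-SafeLinksPolicy can return several policies, so configure each one in turn
ForEach ($Policy in $SafeLinksPolicy) {
    Set-SafeLinksPolicy -Identity $Policy.Identity -IsEnabled $True -ScanUrls $True -EnableForInternalSenders $True -AllowClickThrough $False
}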
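To verify the result, the following added example (not part of the benchmark or of Microsoft's module) checks policy objects against the four values set by the command above. Test-SafeLinksPolicyCompliance is a hypothetical helper name, and the two sample policies are constructed so the check runs without a tenant connection.

```powershell
# Added example: audit Safe Links policies against the four settings above.
# Test-SafeLinksPolicyCompliance is a hypothetical helper, not a Microsoft cmdlet.
function Test-SafeLinksPolicyCompliance {
    param(
        [Parameter(ValueFromPipeline = $true)]
        [object[]]$Policy
    )
    begin {
        # Expected values, taken from the Set-SafeLinksPolicy command on this page
        $Expected = [ordered]@{
            IsEnabled                = $true
            ScanUrls                 = $true
            EnableForInternalSenders = $true
            AllowClickThrough        = $false
        }
        $Seen = 0
    }
    process {
        foreach ($p in $Policy) {
            $Seen++
            # Collect every setting whose value differs from the expected one
            $Failed = foreach ($Name in $Expected.Keys) {
                if ($p.$Name -ne $Expected[$Name]) { "$Name=$($p.$Name)" }
            }
            [pscustomobject]@{
                Policy    = $p.Name
                Compliant = -not $Failed
                Deviation = $Failed -join '; '
            }
        }
    }
    end {
        # No policy at all is itself a finding: nothing is protecting links
        if ($Seen -eq 0) { Write-Warning 'No Safe Links policy found.' }
    }
}

# Constructed sample objects (not real tenant data) so the example runs offline
$Sample = @(
    [pscustomobject]@{ Name = 'Safe Links'; IsEnabled = $true; ScanUrls = $true; EnableForInternalSenders = $true; AllowClickThrough = $false }
    [pscustomobject]@{ Name = 'Legacy'; IsEnabled = $true; ScanUrls = $false; EnableForInternalSenders = $true; AllowClickThrough = $true }
)
$Sample | Test-SafeLinksPolicyCompliance | Format-Table -AutoSize
# In a live session: Get-SafeLinksPolicy | Test-SafeLinksPolicyCompliance
```

A policy is reported as non-compliant if any one of the four settings deviates, and the Deviation column lists which ones.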
Default Value:
Disabled