Information
Enabling Safe Links policy for Office applications allows URL's that exist inside of Office documents and email applications opened by Office, Office Online and Office mobile to be processed against Defender for Office time-of-click verification and rewritten if required.
Note: E5 Licensing includes a number of Built-in Protection policies. When auditing policies note which policy you are viewing, and keep in mind CIS recommendations often extend the Default or Build-in Policies provided by MS. In order to Pass the highest priority policy must match all settings recommended.
Rationale:
Safe Links for Office applications extends phishing protection to documents and emails that contain hyperlinks, even after they have been delivered to a user.
Impact:
User impact associated with this change is minor - users may experience a very short delay when clicking on URLs in Office documents before being directed to the requested site. Users should be informed of the change as, in the event a link is unsafe and blocked, they will receive a message that it has been blocked.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To enable Defender for Office Safe Links policy for Office, use the Microsoft 365 Admin Center:
Under Admin centers click Security.
Under Email & collaboration select Policies & rules
Select Threat policies then Safe Links
Click on the policy, a new pane should open on the right hand side.
Under Protection settings click Edit protection settings
Ensure the follow boxes are checked:
On: Safe Links checks a list of known, malicious links when users click links in email. URLs are rewritten by default
Apply Safe Links to email messages sent within the organization
Apply real-time URL scanning for suspicious links and links that point to files
Wait for URL scanning to complete before delivering the message
On: Safe Links checks a list of known, malicious links when users click links in Microsoft Teams. URLs are not rewritten
On: Safe Links checks a list of known, malicious links when users click links in Microsoft Office apps. URLs are not rewritten
Under Click protection settings check Track user clicks and uncheck Let users click through to the original URL
Select Save
To enable the Safe Links policy for Office 365, use the Exchange Online PowerShell Module:
Connect using Connect-ExchangeOnline.
Run the following PowerShell command:
New-SafeLinksPolicy -Name 'My SafeLinks Policy' -EnableSafeLinksForEmail $true -EnableSafeLinksForTeams $true -EnableSafeLinksForOffice $true -ScanUrls $true -DeliverMessageAfterScan $true -EnableForInternalSenders $true -AllowClickThrough $false