Office 365 Advanced Threat Protection (ATP) Safe Links can help protect your organization by providing time-of-click verification of web addresses (URLs) in email messages and Office documents. Protection is defined through ATP Safe Links policies that are set by your Office 365 security team.
Once your ATP Safe Links policies are in place, Office 365 global administrators, security administrators, and security readers can view reports for Advanced Threat Protection. The information in those reports can help your security team take further steps to protect your organization or research security incidents.
This blog post shows how to configure office 365 Safe Links policies.
In the left navigation, under Threat management, choose Policy > Safe Links.
In the Policies that apply to the entire organization section, select Default, and then choose Edit (the Edit button resembles a pencil).
This enables you to view your list of blocked URLs. At first, you might not have any URLs listed here.
Select the Enter a valid URL box, type a URL, and then choose the plus sign (+).
When you are finished adding URLs, in the lower right corner of the screen, choose Save.
Now let’s look at Safe Links creating policies for email recipients
In the Policies that apply to specific recipients’ section, choose New (the New button
Specify the name, description, and settings for your policy
- In the Select the action section, choose On.
- Select Apply real-time URL scanning for suspicious links and links that point to files if you would like to enable URL detonation for suspicious and file-pointing URLs (recommended). And select Wait for URL scanning to complete before delivering the message if you wish to only have users receive messages after the URLs have been fully scanned.
- Select Apply Safe Links to messages sent within the organization if you would like to enable Safe Links for messages sent between users within your organization (recommended).
- Select Do not allow user to click through to original URL if you do not wish the individual users to override a scan in progress or URL blocked notification pages.
In the Applied To section, choose the recipient domain is, and then choose the domain(s) you want to include in your policy.
Choose Add, and then choose OK.