Maybe this link will help. This is more of a Defender for Office topic but it sounds like pass through may be allowed in some situations depending on the policy settings. This may be more of an audit if not blocked.
Safe Link UrlClick events ?
AdamBudzinskiAZA-0329
91
Reputation points
hi,
can't set the tag to Defender for Endpoint or Defender 365 !
Question. Having trouble to understand telemetry from Safe Links clicks from e-mail messages.
The click was allowed as per the above screen shot Action type = Click allowed . What does the even mean? It was not blocked by Safe Link ?
If it was not blocked what’s then the relevance of Is clicked through = false ?
This DOES not make any sense to me ! I don't see the url as rewriten. The click was allowed so what click trough to what original URL ? ?
1 answer
Sort by: Most helpful
-
Andrew Blumhardt 9,856 Reputation points Microsoft Employee
2023-09-12T12:22:48.7433333+00:00