can't set the tag to Defender for Endpoint or Defender 365 !
Question. Having trouble to understand telemetry from Safe Links clicks from e-mail messages.
Looking at https://learn.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-urlclickevents-table?view=o365-worldwide
The click was allowed as per the above screen shot Action type = Click allowed . What does the even mean? It was not blocked by Safe Link ?
If it was not blocked what’s then the relevance of Is clicked through = false ?
This DOES not make any sense to me ! I don't see the url as rewriten. The click was allowed so what click trough to what original URL ? ?