Safe Link UrlClick events ?

AdamBudzinskiAZA-0329 86 Reputation points


can't set the tag to Defender for Endpoint or Defender 365 !

Question. Having trouble to understand telemetry from Safe Links clicks from e-mail messages.

User's image

User's image

Looking at

User's image

The click was allowed as per the above screen shot Action type = Click allowed . What does the even mean? It was not blocked by Safe Link ?

User's image

If it was not blocked what’s then the relevance of Is clicked through = false ?

This DOES not make any sense to me ! I don't see the url as rewriten. The click was allowed so what click trough to what original URL ? ?

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
978 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Andrew Blumhardt 9,256 Reputation points Microsoft Employee

    Maybe this link will help. This is more of a Defender for Office topic but it sounds like pass through may be allowed in some situations depending on the policy settings. This may be more of an audit if not blocked.

    0 comments No comments