How do I get Safe Links to bypass specific URLs and not scan/check them at all when a user clicks a link in an email?

Question

We have a fleet of ~350 laptops on Windows 10/11 licensed with M365 E5 licenses, using cloud mailboxes with Outlook 365. We have the "Basic Protection" running for the bulk of users using default settings, including Safe Links. We have recently switched to using Trend Micro Email Security (TMES) for Inbound mail filtering. Once a day our users get a 'digest' email from TMES with a list of emails that have been quarantined in the previous 24 hours, with links to approve or block the senders. When you click the link in the email to block a sender, our users have a short delay while Safe Links does its thing, then the page at Trend Micro opens in a browser and displays the status of the action. At this stage, every time you do this, the action result shows a red X, and says the action cannot be completed because it has already been done. This is confusing for our end users. We have determined that the Safe Links URL check obviously "opens" the site at Trend (or activates it somehow) and causes the action to be taken prior to Safe Links then opening the page in the browser and presenting it to the user. So the Safe Links check is completing the action and then when the user finally gets it in the browser, it has already been completed. We found that if we copy the URL for the action link and paste it in a browser tab, rather than clicking on the link in the email, it opens and works fine, and the user sees the green tick and the feedback that the action was completed successfully.

I tried creating a Safe Links policy and excluding the relevant URL from URL Re-writing, but that doesn't help. The only other option I have found that works is to exclude the user from Safe Links entirely. If you do this, the links work fine when clicked from the email. But of course we don't want to do this. So what I need is the ability to have Safe Links ignore specific URLs and do NOT do URL checks/scans, and just pass the link straight to the browser. Any ideas?

Answer 1

@Chris Fox

Thank you for posting your query on Microsoft Q&A, from above description I could understand that you are wanting to exclude the URL from Microsoft Office defender safe links policy so that trend micro could be used to take allow/block action by accessing the links in email.

Please do correct me for any discrepancies in my understanding by responding in comments.

Just excluding may not help here as

Entries in the "Do not rewrite the following URLs" list aren't scanned or wrapped by Safe Links during mail flow, but might still be blocked at time of click. Report the URL as Should not have been blocked (False positive) and select Alow this URL to add an allow entry to the Tenant Allow/Block List so the URL isn't scanned or wrapped by Safe Links during mail flow and at time of click.

Kindly try following the given steps:

• Exclude the URL from the policy by adding URL to "Manage URLs to not rewrite". : Entries in the "Don't rewrite the following URLs" list aren't scanned or wrapped by Safe Links during mail flow.

• Also, report the URL as Should not have been blocked (False positive) and select Allow this URL to add an allow entry to the Tenant Allow/Block List so the URL isn't scanned or wrapped by Safe Links during mail flow and at time of click.

For instructions, see Report good URLs to Microsoft.

---Please "Accept the answer (Yes)" and "share your feedback ". This will help us and others in the community as well.

Thanks, Akshay Kaushik

Answer 2

how are you doing