Configure global settings for Safe Links in Microsoft Defender for Office 365

Tip

Did you know you can try the features in Microsoft 365 Defender for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft 365 Defender portal trials hub. Learn about who can sign up and trial terms here.

Applies to

Important

The Global settings menu and the Block the following URLs list for Safe Links are in the process of being deprecated. Use block entries for URLs in the Tenant Allow/Block List instead.

This article is intended for business customers who have Microsoft Defender for Office 365. If you are a home user looking for information about Safelinks in Outlook, see Advanced Outlook.com security.

Safe Links is a feature in Microsoft Defender for Office 365 that provides URL scanning of inbound email messages in mail flow, and time of click verification of URLs and links in email messages and in other locations. For more information, see Safe Links in Microsoft Defender for Office 365.

You configure most Safe Links settings in Safe Links policies, including Safe Links settings for supported Office Apps. For instructions, see Set up Safe Links policies in Microsoft Defender for Office 365.

But, Safe Links also uses the following global settings that you configure outside of the Safe Links policies themselves:

You can configure the global Safe Links settings in the Microsoft 365 Defender portal or in PowerShell (Exchange Online PowerShell for eligible Microsoft 365 organizations with mailboxes in Exchange Online; standalone EOP PowerShell for organizations without Exchange Online mailboxes, but with Microsoft Defender for Office 365 add-on subscriptions).

What do you need to know before you begin?

Configure the "Block the following URLs" list in the Microsoft 365 Defender portal

Note

You can now manage block URL entries in the Tenant Allow/Block List. The "Block the following URLs" list is in the process of being deprecated. We'll attempt to migrate existing entries from the "Block the following URLs" list to block URL entries in the Tenant Allow/Block List. Messages containing the blocked URL will be quarantined.

The Block the following URLs list identifies the links that should always be blocked by Safe Links scanning in supported apps. For more information, see "Block the following URLs" list for Safe Links.

  1. In the Microsoft 365 Defender portal at https://security.microsoft.com, go to Email & Collaboration > Policies & Rules > Threat policies > Safe Links in the Policies section. To go directly to the Safe Links page, use https://security.microsoft.com/safelinksv2.

  2. On the Safe Links page, click Global settings. In the Safe Links policy for your organization fly out that appears, go to the Block the following URLs box.

  3. Configure one or more entries as described in Entry syntax for the "Block the following URLs" list.

    When you're finished, click Save.

Configure the "Block the following URLs" list in PowerShell

For details about the entry syntax, see Entry syntax for the "Block the following URLs" list.

You can use the Get-AtpPolicyForO365 cmdlet to view existing entries in the BlockURLs property.

  • To add values that will replace any existing entries, use the following syntax in Exchange Online PowerShell or Exchange Online Protection PowerShell:

    Set-AtpPolicyForO365 -BlockUrls "Entry1","Entry2",..."EntryN"
    

    This example adds the following entries to the list:

    • Block the domain, subdomains, and paths for fabrikam.com.
    • Block the subdomain research, but not the parent domain or other subdomains in tailspintoys.com
    Set-AtpPolicyForO365 -BlockUrls "fabrikam.com","https://research.tailspintoys.com*"
    
  • To add or remove values without affecting other existing entries, use the following syntax:

    Set-AtpPolicyForO365 -BlockUrls @{Add="Entry1","Entry2"...; Remove="Entry3","Entry4"...}
    

    This example adds a new entry for adatum.com, and removes the entry for fabrikam.com.

    Set-AtpPolicyForO365 -BlockUrls @{Add="adatum.com"; Remove="fabrikam"}
    

How do you know these procedures worked?

To verify that you've successfully configured the global settings for Safe Links (the Block the following URLs list and the Office 365 app protection settings), do any of the following steps:

  • On the Safe Links page in the Microsoft 365 Defender portal at https://security.microsoft.com/safelinksv2, click Global settings, and verify the settings in the fly out that appears.

  • In Exchange Online PowerShell or Exchange Online Protection PowerShell, run the following command and verify the settings:

    Get-AtpPolicyForO365 | Format-List BlockUrls
    

    For detailed syntax and parameter information, see Get-AtpPolicyForO365.