Understanding Microsoft Defender for 365 Safe Links


Introduction

Safe Links is a protective service offered by Microsoft, designed to check and modify URLs contained in emails received in an Exchange Online mailbox. This article offers insights into the advantages of Safe Links and guides you to further resources on the topic.

Explanation

 

Safe Links is a feature within Microsoft Defender for Office 365 that works within Exchange Online. The feature

  • Scans and modifies the URLs in incoming emails to your inbox. Consequently, the links in your emails might appear different than anticipated. Nevertheless, if you hover your cursor over the link in Outlook, a tooltip will display the original URL. If the hover feature does not work, see below for additional options.
  • Checks URLs upon clicking to ensure that safe links remain operational, and that harmful links are restricted. There might be a minor pause when activating the link, which is normal since it is confirming the URL's safety. See below if the hover feature does not work.
  • Aids in defending users against phishing scams and harmful email content. When a link is identified as dangerous, Exchange Online will restrict access to the link, preventing any potential compromise of your account.

At Virginia Tech, Safe Links is activated for all users. The feature cannot be disabled, nor can an exception be put into place.

Additional information regarding Safe Links can be found on Microsoft’s Safe Links support page.

The hover feature works within Mac and Windows, Outlook desktop and browser applications. However, there is a known bug that inconsistently causes this feature to not function correctly. In these cases, here are some options:

  • Check Browser Extensions:
    • If using Outlook Web App, ensure that browser extensions are not interfering. Some extensions might prevent link previews or alter the behavior. Disable unnecessary extensions and test again.
  • Hover Over the Link:
    • Hover over the link in the email message. Observe whether the original URL appears in the tooltip or status bar. If it doesn’t, proceed to the next steps.
  • Inspect the Link Text:
    • Look closely at the link’s display text. Sometimes, the visible text may not match the actual URL. Verify that the link text corresponds to the expected destination.
  • Use an External URL Decoder:
  • Check for Misspellings or Suspicious Domains:
    • Hovering over a link allows users to verify the legitimacy of the domain. Watch out for misspelled URLs or domains that resemble well-known ones (e.g., “Micorsoft.com” instead of “Microsoft.com”).