Safe Links is one of the best features of Defender for Office 365, it can help protect your organization from malicious links that are used in phishing and other attacks by scanning links inside of your incoming mail, this makes sure it’s safe to click on and won’t take you somewhere malicious.
As an email comes in, Safe Links will perform 2 actions:
- Rewrite all links in the email to redirect them through Microsoft’s servers
- Scan the incoming email for known malicious links
Safe Links will not only scan the destination of the link when it enters your inbox but also every time the link is clicked after that.
This is possible as Microsoft rewrites the link to reroute your click via their server first while the destination is scanned, once scanned, you will be taken to the destination as normal.
This all happens in a matter of seconds and will not slow your loading time.
You can see these re-written links by mousing over the link:
Once a link has been rewritten, it will stay rewritten and will work anywhere.
This means if you were to forward an email, even to someone external who doesn’t use Defender or even Office 365, the link will still work.
Clicking on a malicious link
If a malicious link is found and you were to click on the link, you will be redirected to a page like one of the below images.
Depending on your organisation’s policy, emails containing these links may still come through to you, or be blocked entirely.
A Legitimate link is being blocked
If you believe the link has been incorrectly marked as malicious, please contact Sentrian
Learn more about Safe Links
If you wish to know more about Safe Links and how they work, Microsoft provides excellent documentation: here