URL Rewrite/ Link Protection
      Back to home
      1. Radiant Help Center
      2. Getting Started
      3. URL Rewrite/ Link Protection

      Microsoft Safe Links

      Connect the Microsoft Safe Links data feed.

      Overview

      Microsoft Safe Links scans and rewrites URLs in inbound email messages, and provides time-of-click verification of URLs and links in email messages. To learn more, see Safe Links in Microsoft Defender for Office 365.

      Adding the Microsoft Safe Links data feed in Radiant Security provides your organization with visibility into phishing emails accessed from unmanaged devices. With this data, Radiant Security can identify the affected users who have clicked on malicious links from their personal devices, arming you with the data necessary to perform deeper investigations and reveal the full scope of an incident.

      Additionally, we guide analysts to block access to URLs leveraging Safe Links when Microsoft has not already blocked them.

      Prerequisites

      This configuration requires that you are an administrator of the O365 account.

      This configuration assumes that the permissions for message trace were already granted as part of the Microsoft O365 onboarding.

      Enable Safe Links

      1. Log in to the Security portal of Microsoft 365.
      2. From the left side menu, navigate to Email & collaboration > Policies & Rules.Captura de Tela 2024-01-26 às 17.27.24
      3. Click Threat policies, then select Safe Links.
      4. Click + Create to add a new policy.
        1. Add all users, groups, or domains that will be monitored.
        2. The following screenshot details the mandatory and preferred configuration settings.
          1. Mandatory configuration is outlined in red. It includes:
            • On: Safe Links checks a list of known, malicious links when users click links in email. URLs are rewritten by default.
            • Apply Safe Links to email messages sent within the organization
          2. Preferred configuration is outlined in blue. It includes:
            • Track user clicks
            • Let users click through to the original URLScreenshot 2023-01-11 at 10.34.24 AM
      5. Leave all other settings unchanged and click Submit.

      Note: Once enabled, Microsoft will begin replacing all email links with Safe Links.

      The standard prefix is: https://nam01.safelinks.protection.outlook.com

      Add the Connector in Radiant Security

      1. Log in to Radiant Security.

      2. From the navigation menu, click Settings > Data Connectors.

      3. From the list of enabled connectors, find Microsoft O365 and click View Details.

        Captura de Tela 2024-02-08 às 09.46.30

      4. Click the Actions drop-down and select Edit Data Feeds.
        Captura de Tela 2024-02-08 às 09.46.53

      5. Select the SafeLinks data feed, click Credentials and select the current credential used for the other O365 connectors.

        Captura de Tela 2024-02-08 às 09.47.09

      6. Click Add Connector to complete the setup.
        Captura de Tela 2024-02-08 às 09.47.31

       

      We value your opinion. Did you find this article helpful? Share your thoughts by clicking here or reach to our Product and Customer Success teams at support@radiantsecurity.ai 

       

      Last updated: 2024-08-23