# Microsoft Safe Links In this guide, you'll configure the integration between Radiant and Microsoft Safe Links. Safe Links scans and rewrites URLs in inbound emails and performs time-of-click verification to protect users from malicious links. To learn more, see [Safe Links in Microsoft Defender for Office 365](https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links?view=o365-worldwide#safe-links-settings-for-email-messages). Integrating the Microsoft Safe Links data feed into Radiant gives your organization visibility into phishing emails accessed from unmanaged devices. With this data, Radiant can identify users who clicked on malicious links from personal devices, arming you with the data necessary to perform deeper investigations and reveal the full scope of an incident. Additionally, we guide analysts to block access to URLs leveraging Safe Links when Microsoft has not already blocked them. ### Prerequisites * [ ] Administrator of the O365 account * [ ] This configuration assumes that the permissions for message trace were already granted as part of the [Microsoft O365 onboarding](/radiant-connectors/data-connectors/microsoft-o365.md) * [ ] Administrator role in Radiant Security ### Enable Safe Links 1. Log in to the Security portal of [Microsoft 365](https://security.microsoft.com/). 2. From the left side menu, navigate to **Email & collaboration** > **Policies & Rules**.![Captura de Tela 2024-01-26 às 17.27.24](https://help.radiantsecurity.ai/hs-fs/hubfs/Knowledge%20Base%20Articles/Microsoft%20Safe%20Links/Captura%20de%20Tela%202024-01-26%20%C3%A0s%2017.27.24.png?width=275\&height=373\&name=Captura%20de%20Tela%202024-01-26%20%C3%A0s%2017.27.24.png) 3. Click **Threat policies**, then select **Safe Links**. 4. Click **+ Create** to add a new policy. * Add all users, groups, or domains that will be monitored. * The following screenshot details the mandatory and preferred configuration settings. * Mandatory configuration is outlined in red. It includes: * **On: Safe Links checks a list of known, malicious links when users click links in email. URLs are rewritten by default.** * **Apply Safe Links to email messages sent within the organization** * Preferred configuration is outlined in blue. It includes: * **Track user clicks** * **Let users click through to the original URL**
5. Leave all other settings unchanged and click **Submit**. {% hint style="info" %} **Note**: Once enabled, Microsoft will begin replacing all email links with Safe Links. The standard prefix is: `https://nam01.safelinks.protection.outlook.com` {% endhint %} ### Add the data connector in Radiant Security 1. Log in to [Radiant Security](https://app.radiantsecurity.ai/). 2. From the navigation menu, click **Settings** > **Data Connectors**. 3. From the list of enabled connectors, find **Microsoft O365** and click **View Details**. 4. Click the **Actions** drop-down and select **Edit Data Feeds**. 5. Select the **SafeLinks** **data** **feed**, click **Credentials** and select the current credential used for the other O365 connectors. 6. Click **Add Connector** to complete the setup. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/microsoft-safe-links.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.