# Microsoft Safe Links

In this guide, you'll configure the integration between Radiant and Microsoft Safe Links. Safe Links scans and rewrites URLs in inbound emails and performs time-of-click verification to protect users from malicious links. To learn more, see [Safe Links in Microsoft Defender for Office 365](https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links?view=o365-worldwide#safe-links-settings-for-email-messages).

Integrating the Microsoft Safe Links data feed into Radiant  gives your organization visibility into phishing emails accessed from unmanaged devices. With this data, Radiant  can identify users who clicked on malicious links from personal devices, arming you with the data necessary to perform deeper investigations and reveal the full scope of an incident.

Additionally, we guide analysts to block access to URLs leveraging Safe Links when Microsoft has not already blocked them.

### Prerequisites

* [ ] Administrator of the O365 account
* [ ] This configuration assumes that the permissions for message trace were already granted as part of the [Microsoft O365 onboarding](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/microsoft-o365)

### Enable Safe Links

1. Log in to the Security portal of [Microsoft 365](https://security.microsoft.com/).
2. From the left side menu, navigate to **Email & collaboration** > **Policies & Rules**.![Captura de Tela 2024-01-26 às 17.27.24](https://help.radiantsecurity.ai/hs-fs/hubfs/Knowledge%20Base%20Articles/Microsoft%20Safe%20Links/Captura%20de%20Tela%202024-01-26%20%C3%A0s%2017.27.24.png?width=275\&height=373\&name=Captura%20de%20Tela%202024-01-26%20%C3%A0s%2017.27.24.png)
3. Click **Threat policies**, then select **Safe Links**.
4. Click **+ Create** to add a new policy.
   * Add all users, groups, or domains that will be monitored.
   * The following screenshot details the mandatory and preferred configuration settings.
     * Mandatory configuration is outlined in <mark style="color:red;">red</mark>. It includes:
       * **On: Safe Links checks a list of known, malicious links when users click links in email. URLs are rewritten by default.**
       * **Apply Safe Links to email messages sent within the organization**
     * Preferred configuration is outlined in <mark style="color:blue;">blue</mark>. It includes:
       * **Track user clicks**
       * **Let users click through to the original URL**

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FQzvvCWp7M7lME7hC7Hwm%2FMicrosoft_Safe_Links_02.webp?alt=media&#x26;token=872a0489-0cdb-4f8c-91a8-47839ae0d7d2" alt=""><figcaption></figcaption></figure></div>

5. Leave all other settings unchanged and click **Submit**.

{% hint style="info" %}
**Note**: Once enabled, Microsoft will begin replacing all email links with Safe Links.

The standard prefix is: `https://nam01.safelinks.protection.outlook.com`
{% endhint %}

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors**.
3. From the list of enabled connectors, find **Microsoft O365** and click **View Details**.
4. Click the **Actions** drop-down and select **Edit Data Feeds**.
5. Select the **SafeLinks** **data** **feed**, click **Credentials** and select the current credential used for the other O365 connectors.
6. Click **Add Connector** to complete the setup.