Email - Microsoft Safe Links

In an effort to reduce the amount of phishing and spam emails we have decided to trial the implementation of Microsoft Safe Links for internal to internal email communications. This is already enabled when we receive an external email into the organisation and works very well.

What Are Office 365 Safe Links?

Safe Links are links which Microsoft use to check any websites or attachments for malicious content. This is Microsoft's way of telling you the website you're trying to visit or the attachment you're trying to download is safe. Safe Links are used to identify every link, including using custom logic to identify any text resembling a URL.

Safe Links can:

  • Protect users from harmful links recommended in emails.
  • Check Microsoft’s database for blacklisting and exclusion demands upon clicks.
  • Redirect users to safety.

How does this work in real terms?

When you receive an email with a link to a website, Safe Links rewrites the URL for the link. When you click on it, the URL validity and reputation are checked to ensure it is safe. If deemed safe, would then allow connection to the site. If deemed unsafe, a warning box would appear advising the site could be harmful.

As an end user, the only difference you should see is that any internal to internal emails with webpage links in will be rewritten to be protected by Safe Links as they are with external emails.

An example URL with Safe Links may look like the following:

SafeLinks Example Link

We understand that best practice asks users to look at the link the URL is going to and that Safe Links takes away this ability, but the extra features it offers such as checking the link upon click to see if it is malicious outweighs this. 

We still need your help 

Although Safe Links is an additional effective layer in the defence against phishing, ransomware etc. we still need users to follow best practice and also be cautious when receiving emails.