Level Up

Challenge #7

Shield Against Malicious Hyperlinks

Activate Safe Links in Office applications to protect your organization from harmful links in documents and emails. It’s time to fortify your defense against online threats.

a trojan horse, or malicious content masquerading as legitimate

Why?

The digital world is full of hidden dangers, and hyperlinks in emails and documents are among the most common ways cyber attackers try to breach our defenses. That’s why Safe Links is such an essential tool. It acts as a vigilant guard, scrutinizing every link the moment someone clicks on it, and neutralizing any lurking threats in real-time.

This isn’t just about blocking suspicious links; it’s about ensuring that every corner of our digital workspace, from emails to documents in Microsoft Teams and Office Apps, is secure against phishing attempts. Setting up Safe Links according to the best practices, like those recommended by cyber security experts, provides an extra layer of security that’s always active, and always checking. It’s about creating a safe environment where our team can click with confidence, knowing they’re protected from the hidden dangers of the internet.

How?

Setting up Safe Links in Microsoft 365 is a detailed but crucial process. Here’s how to get it done:

    Step 1: Go to the Microsoft 365 Defender Portal

    On your computer, launch a new browser window (Edge, Chrome), and type in https://security.microsoft.com/ and press enter.

    Note: You will require Microsoft 365 administrative credentials – be sure to have the username and password ready.

    Step 4: Set URL & Click Protection Settings for Email
    • Under the URL & click protection settings, we want to enable several (many of which are already enabled), including:
      • Under Email:
        • Checked On: Safe Links checks a list of known, malicious links when users click links in email. URLs are rewritten by default
        • Checked Apply Safe Links to email messages sent within the organization
        • Checked Apply real-time URL scanning for suspicious links and links that point to files
        • Checked Wait for URL scanning to complete before delivering the message
        • Unchecked Do not rewrite URLs, do checks via Safe Links API only.
        Step 7: Click Protection Settings
        • Under the URL & click protection settings, we want to enable several (many of which are already enabled), including:
          • Under Click Protection Settings:
            • Checked Track user clicks
            • Unchecked Let users click through the original URL
        • Now click Next
        Step 2: Adjust Email & Collaboration Policies

        Within the Microsoft Defender Center:

        • Look for and select Email & Collaboration along the left-hand side menu
        • Under Email & Collaboration, look for and select Policies & rules
        • In the Policies & rules window, select Threat policies
        Step 5: Set URL & Click Protection Settings for Teams
        • Under the URL & click protection settings, we want to enable several (many of which are already enabled), including:
          • Under Teams:
            • Checked On: Safe Links checks a list of known, malicious links when users click links in Microsoft Teams. URLs are not rewritten
        Step 8: Save Your Settings
        • Within the Notification window, we can select Use the default notification text, and select Next
        • We can now review and validate our settings.
        • Once you are satisfied, click Submit and then Done.
        • We’ll then return to the main window where we’ll see our new policy as enabled (status = on).
        Step 3: Create a New Safe Links Policy
        • Within the Threat policies window, under Policies, find and select Safe Links
        • Within the Safe Links window, select the + Create
        • Provide a Name for your new Safe Links policy, such as My Company Safe Links
        • Feel free to also provide a description, such as Policies recommendations from Third Octet’s Level Up challenge
        • Click Next
        • On the next screen, we’ll be leaving users and groups blank. However, under domains, we want to enter the domain name that we use for our e-mails. As an example, ours is thirdoctet.com. Go ahead and enter your domain name and click enter.
        • Now click Next.
        Step 6: Set URL & Click Protection Settings for Office 365 Apps
        • Under the URL & click protection settings, we want to enable several (many of which are already enabled), including:
          • Under Office 365 Apps:
            • Checked On: Safe Links checks a list of known, malicious links when users click links in Microsoft Office apps. URLs are not rewritten

        While you’re here…

          How SMBs Can Outsmart Advanced Email Threats

          How SMBs Can Outsmart Advanced Email Threats

          Explore the criticality of email security for businesses, delving into sophisticated threats like Spear Phishing, BEC, and Ransomware, and identify practical steps for enhanced protection. The article highlights the gaps in Microsoft 365’s email defense and advocates for a layered security approach. With real-life examples and tangible results, we underscore the importance of proactive measures and Third Octet’s comprehensive solutions to safeguard your business email and infrastructure against evolving cyber threats.

          read more
          Microsoft Opens the Gates to Copilot for SMB

          Microsoft Opens the Gates to Copilot for SMB

          Microsoft’s Copilot for Microsoft 365, now accessible to SMBs, is redefining business efficiency and creativity. Integrating AI with familiar Microsoft applications, it streamlines tasks, boosting productivity. The expansion democratizes AI for SMBs, offering the same advanced tools as larger corporations. Third Octet emphasizes how Copilot tackles SMB challenges like productivity, data analysis, and cost-effective innovation. The future holds promises of enhanced AI learning, broader application integration, and advanced analytics, with Third Octet ready to guide businesses in leveraging these AI advancements.

          read more
          Are you prepared for Windows 10 end of life?

          Are you prepared for Windows 10 end of life?

          As we approach October 2025, the end-of-life for Windows 10 looms on the horizon, presenting a pivotal moment for technological advancement and security for small and medium-sized businesses. This isn’t merely an operating system update; it’s a strategic move to future-proof your business operations. Is your business prepared for the switch?

          read more