Microsoft Defender for Office 365: manage Safe-Links policy

Microsoft Defender Office 365 Safe Link

Questo articolo è disponibile anche in lingua italiana al seguente link: Microsoft Defender for Office 365: gestire le regole di Safe Links –

Within Microsoft Defender for Office 365 it is possible to manage Safe Links protection to scan all the URLs present inside Outlook, SharePoint and Teams.

By default, the list is empty but is suggested add some values like your web sites, partner/trusted sites and some other “known” portals (es. Microsoft). This, to avoid the link traslation generated by MDO because this component, when enabled, is able to pre-scan the web site to understand if is dangerous or malicious.

The rewrite can be “not beautiful” from user prospective and this is the reason why you should evaluate the configuration.

NB: remember to add only few links and only the full trusted because allow everything, or disable the rules, can expose your endpoints to potential risks.

The list can be filled manually or via PowerShell. To see the list in PS, use this cmdlet:

Get-SafeLinksPolicy -Identity “Recommended safe links policy” | Select DoNotRewriteUrls

If you want add more links, this is the cmdlet: Set-SafeLinksPolicy -Identity “Recommended safe links policy” -DoNotRewriteUrls @{Add=”https://*”,”https://*”}

Once applied, check again the result via PowerShell or via GUI.

These are some links that you should exclude from rewrite:

Why Zoom or WebEx? Because if you receive meeting from external, is important avoid the control in particular if you have Meeting Room devices.

Change Rule Name

From MDO portal is not possible change the Safe Link rule name but this is possible via PowerShell with this cmdlet: Set-SafeLinksRule -Identity “Recommended safe links rule” -Name “Default Safe Links”


In a few steps you can go and customize Defender for Office 365 Safe Link policy, so as to increase the security of your Microsoft 365 platform.