Application Permissions - Ensure Safe Links for Office Applications is Enabled
Summary
Note: E5 licensing generally includes a number of Built-in Protection policies and while auditioning the policy note of whatever policy is being viewed, you should not forget that CIS recommendations often extend the Default or Build-in Policies provided by MS. In order to Pass the highest priority, policy must match all the recommended settings.
Reason
Safe links to Office applications extends phishing protection to documents and emails that contain hyperlinks, even after they have been delivered to the user.
What If?
The impact of this change on the user is minor in which users may experience a very short delay while clicking on the URLs in Office documents before being directed to the requested site and in the event of an unsafe link, they will receive a message that it has been blocked.
How to?
- Under Admin centers click Security.
- Under Email & collaboration select Policies & rules.
- Select Threat policies then Safe Links.
- Now, click on the policy, a new pane will open on the right hand side.
- After that, under Protection settings pick Edit protection settings.
- Ensure the following boxes are checked:
- On: Safe Links checks the list of known, malicious links when users click links in email. URLs are rewritten by default.
- Apply Safe Links to email messages sent within the organization.
- Apply real-time URL scanning for suspicious links and links that point to files.
- Wait for URL scanning to complete before delivering the message.
- On: Safe Links checks the list of known, malicious links when users click links in Microsoft Teams. URLs are not rewritten.
- On: Safe Links checks the list of known, malicious links when users click links in Microsoft Office apps. URLs are not rewritten.
7. Under Click protection settings check Track user clicks and uncheck Let users click through to the original URL. 8. Select Save.
To enable the Safe Links policy for Office 365, use the Exchange Online PowerShell Module:- Connect to Exchange Online using Connect-ExchangeOnline.
- Now, run the following command:
- Connect to Exchange Online using Connect-ExchangeOnline.
- Now, run the following command:
Monitor:
- Under Admin centers click Security.
- Under Email & collaboration select Policies & rules.
- Select Threat policies then Safe Links.
- Now, click on the policy, a new pane will open on the right hand side.
- After that, under Protection settings pick Edit protection settings.
- Ensure the following boxes are checked in the section URL & Click protection settings:
- On: Safe Links checks the list of known, malicious links when users click links in email. URLs are rewritten by default.
- Apply Safe Links to email messages sent within the organization.
- Apply real-time URL scanning for suspicious links and links that point to files.
- Wait for URL scanning to complete before delivering the message.
- On: Safe Links checks the list of known, malicious links when users click links in Microsoft Teams. URLs are not rewritten.
- On: Safe Links checks the list of known, malicious links when users click links in Microsoft Office apps. URLs are not rewritten.
- Connect to Exchange Online using Connect-ExchangeOnline.
- Now, run the following command:
7. Under Click protection settings uncheck Let users click through to the original URL.
To verify the Safe Links policy is enabled, use the Exchange Online PowerShell Module:
Get -SafeLinkPolicy | Format -Table Name
3. Once this returns the list of policies run the following command to view the policies.
Get -SafeLinkPolicy -Identity "Policy Name"
4. Verify the value for the following:
- EnableSafeLinksForEmail : True
- EnableSafeLinksForTeams: True
- EnableSafeLinksForOffice: True
- AllowClickThrough: False
- ScanUrls: True
- EnabelForInternalSenders: True
- DeliverMessageAfterScan: True
Comments
Post a Comment