Welcome back, Siberians to the M s 3 65 Security Administration course.
I'm your starter, Jim Daniels
and I am super excited.
to continue Model three in mystery 65. Threat Protection lesson to 80 p. Part three. Safe links
in this lesson was all about safe links,
functionality management, policy creation and user experience.
The last lesson was about safe attachments.
This lesson is about safe links.
Safe Links is a feature in a teepee that protects users from malicious URLs that are noted to be used in fishing campaigns.
When we kiss, clicked in the email or document
safe links checks to see if the link is malicious by redirecting the Ural to a secure server in the industry 65 environment
that checks the euro against a block list of malicious ones
Top right, we can see the website has been classified as malicious.
The one below is yellow is being scan. So when you have safe links enable this is a user experience.
They click on the link that says, uh, this is a pretty badly feel you shouldn't could on this is gonna be bright red.
We have that red scream and dune right in their face.
Depending on the policy,
they can click past it
again, that's your policy.
If they quick on something that says, Hey, we don't know about this quite yet filled, Slow down.
Just gonna say is being scan.
Then they can wait and go back to it.
It will either be okay.
Oh, good rights is the site. We'll have that red screen and doom again
as far as the user experience.
I really love safe links
because it catches a user
users browsing and clicking on stuff
and they get that red screen is going to catch their attention.
We've had safe links for a few years now in our environment.
Only one time I've had a user ignored the rich ones,
no matter what you do.
fanger and threat for security is
the rest screaming doom
99 times out of 100 works in the usual back out and put a ticket.
Let's look at creating some of the safe links policies,
permission requirements. This looks familiar to safe attachments. Exchange online, ad man and security Adnan Global at man
set up a location, securing compliance center
prefer, as everything is going there, exchange and in center for now
an organization has 80 p enable and extend. It will have a default 80 p safe links policy automatically created that applies to everyone in the organization
right out of the box.
So if we go to a new safe links policy, you have a standard name description
you have all for one
with this, if you go toe off, I mean, why even create the policy?
So that's where the actions at safe links. That's why you have safe links. To start with
you safe attachments to scan downloadable content, safe links works and attain them with safe attachments.
Apply safe links to messages sent within the organization.
So if you have somebody on the inside whose accounts compromised,
if this isn't checked, they could send out malicious links and safe links. Your policy will not rewrite and check those links.
So we had that checked here.
Do not track when a user clicks safe links.
This is your preference. If you want to track it to start with, you kind of see how many are out there.
do not let users quick through to the original euro.
This is the important one.
I don't know why you would allow your users to click through.
Maybe it's a policy for certain high level users. I don't know,
however, if you want to allow them to click through,
just like with some of the tool tips on Deal P and other compliance policies where they can justify, You gonna let them do that?
You also have the option to do not rewrite the following your else.
So if there is a certain domain, certain website,
you're 100% trusting them. You can put that here, and anything that has a link
based off of that will not be rewritten. Will bypass to, say Frank's policy.
Here's your table of power. Shell commands again. Get set. New remove.
Get set. New rumors,
save attachment policy safe. Cashman's role
You see the correlation. Just have to learn a few things.
It almost doesn't. You can answer questions about two dozen power show commands as it relates to safe wind policies and safe attachment policies
to modify an existence, say Frank's policy.
You just click on the policy,
and you can go through and set some of the same settings and change them that you set when you originally created policy.
faithfully policy types.
Entire organization is default policy
specific users. That's when you create another policy
after your default ones already enabled So specific users you can specify users, groups domains that a policy applies to.
There are a couple caveats as it comes a safe links. If you want to do a custom block, you are a list
asked me. Done the default policy
if you want to. A custom, do not rewrite euro
non default, non entire organization.
And even though the policy says it applies to specific users, you can still set that to apply to your whole domain.
So this way you can have a default
policy to set custom blood euros and also a
catch. All. Do not rewrite your oil policy that applies to your whole organization.
You just have to set the scope according
safe links. Additional configuration option.
Remember how with attachments safe attachment. There was a bypass rule.
you set your head or two.
The XMS exchange organizations skipped safe links processing.
You can do the custom block list.
It's found default or policy. Lockwood just discussed entering the euros to be blocked,
and when they're here,
a warning pages displayed.
You can also use well cars to specify sub domains of that domain.
You do a custom. Do not rewrite list as within the specific user policy.
It allows users and groups to visit blocked euros.
So if you have a custom blood list of the domain Microsoft dot com, however, you want somebody in person to be able to visit like herself dot com
In your default organisation policy, you put my herself dot com as he blocked
However, you set up a specific user policy.
You set a scope to purchasing,
and then you put like yourself dot com. Indeed, do not rewrite your old section
this way. People in the parks a single room
can visit Microsoft dot com, whereas no one else in your organization can.
In user experience, someone sends a message that has a euro in it.
It initially goes through and time out where pipe on that. We discussed a few lessons ago.
If it passes, the initial checks still over to the inbox
usually gets the message. Clicks on the euro
Quit you are a was redirected to a secure server sandbox where is checked against a block list of known malicious sites
from here. If it's safe
browser lows the euro
The red screen and doomed warning pages displayed
depending on whether you have the option to allow the user to click through
will be whether their journey ends of that read pages doing. Or they can click on it to proceed to the malicious tank page.
The default Safe links policy applies to the entire organization and allows a custom block list
You talk about it pretty extensively.
This is one of those things that I would definitely recommend
True story. Yeah, true story.
Um, it does allow you to do the custom block list. Remember,
has a custom year old block,
Customs Specific user group
allows you to write the do not rewrite.
To recap the lesson about safe links.
It's a feature in a teepee that protects users from malicious euros there noticed be used in fishing campaigns.
The default policy applies to the entire organization is enabled by default and allows customization of a blunt your Oeste.
Additional policies could be applied to a scope of users and groups
with custom. Do not rewrite your Ellis.
I hope you've learned a little bit about the safe links feature within 03 65 80 p.
Thank you for joining me. I hope to see for the next lesson take care.