Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome back, Siberians to the M s 3 65 Security Administration course.
00:05
I'm your starter, Jim Daniels
00:07
and I am super excited.
00:09
Super Super Excited
00:11
to continue Model three in mystery 65. Threat Protection lesson to 80 p. Part three. Safe links
00:20
in this lesson was all about safe links,
00:22
functionality management, policy creation and user experience.
00:26
The last lesson was about safe attachments.
00:29
This lesson is about safe links.
00:32
Safe Links is a feature in a teepee that protects users from malicious URLs that are noted to be used in fishing campaigns.
00:41
When we kiss, clicked in the email or document
00:44
safe links checks to see if the link is malicious by redirecting the Ural to a secure server in the industry 65 environment
00:54
that checks the euro against a block list of malicious ones
00:59
Top right, we can see the website has been classified as malicious.
01:03
The one below is yellow is being scan. So when you have safe links enable this is a user experience.
01:10
They click on the link that says, uh, this is a pretty badly feel you shouldn't could on this is gonna be bright red.
01:17
We have that red scream and dune right in their face.
01:21
Depending on the policy,
01:23
they can click past it
01:25
or not
01:26
again, that's your policy.
01:27
If they quick on something that says, Hey, we don't know about this quite yet filled, Slow down.
01:33
Just gonna say is being scan.
01:34
Then they can wait and go back to it.
01:37
It will either be okay.
01:38
Oh, good rights is the site. We'll have that red screen and doom again
01:44
as far as the user experience.
01:46
I really love safe links
01:48
because it catches a user
01:49
users browsing and clicking on stuff
01:53
and they get that red screen is going to catch their attention.
01:57
We've had safe links for a few years now in our environment.
02:00
Only one time I've had a user ignored the rich ones,
02:07
no matter what you do.
02:09
Biggest
02:10
fanger and threat for security is
02:14
the human Bangor.
02:16
However,
02:17
the rest screaming doom
02:20
99 times out of 100 works in the usual back out and put a ticket.
02:25
Let's look at creating some of the safe links policies,
02:30
permission requirements. This looks familiar to safe attachments. Exchange online, ad man and security Adnan Global at man
02:37
set up a location, securing compliance center
02:39
prefer, as everything is going there, exchange and in center for now
02:45
and also power show
02:46
an organization has 80 p enable and extend. It will have a default 80 p safe links policy automatically created that applies to everyone in the organization
02:57
right out of the box.
02:59
So if we go to a new safe links policy, you have a standard name description
03:05
you have all for one
03:07
with this, if you go toe off, I mean, why even create the policy?
03:12
Right?
03:13
So that's where the actions at safe links. That's why you have safe links. To start with
03:19
you safe attachments to scan downloadable content, safe links works and attain them with safe attachments.
03:27
Apply safe links to messages sent within the organization.
03:30
So if you have somebody on the inside whose accounts compromised,
03:36
if this isn't checked, they could send out malicious links and safe links. Your policy will not rewrite and check those links.
03:43
So we had that checked here.
03:45
Do not track when a user clicks safe links.
03:50
This is your preference. If you want to track it to start with, you kind of see how many are out there.
03:54
You can
03:57
do not let users quick through to the original euro.
04:00
This is the important one.
04:02
I don't know why you would allow your users to click through.
04:06
Maybe it's a policy for certain high level users. I don't know,
04:12
however, if you want to allow them to click through,
04:15
just like with some of the tool tips on Deal P and other compliance policies where they can justify, You gonna let them do that?
04:24
You also have the option to do not rewrite the following your else.
04:29
So if there is a certain domain, certain website,
04:32
you're 100% trusting them. You can put that here, and anything that has a link
04:39
based off of that will not be rewritten. Will bypass to, say Frank's policy.
04:45
Here's your table of power. Shell commands again. Get set. New remove.
04:50
Keep that in mind.
04:53
Get set. New rumors,
04:55
Safeways policy
04:56
say, for his role
04:58
save attachment policy safe. Cashman's role
05:01
policy.
05:03
You see the correlation. Just have to learn a few things.
05:06
It almost doesn't. You can answer questions about two dozen power show commands as it relates to safe wind policies and safe attachment policies
05:15
to modify an existence, say Frank's policy.
05:18
You just click on the policy,
05:20
and you can go through and set some of the same settings and change them that you set when you originally created policy.
05:29
Pretty simple,
05:30
faithfully policy types.
05:33
Entire organization is default policy
05:38
specific users. That's when you create another policy
05:42
after your default ones already enabled So specific users you can specify users, groups domains that a policy applies to.
05:50
There are a couple caveats as it comes a safe links. If you want to do a custom block, you are a list
05:57
asked me. Done the default policy
06:00
if you want to. A custom, do not rewrite euro
06:03
asked be done in a
06:05
non default, non entire organization.
06:10
And even though the policy says it applies to specific users, you can still set that to apply to your whole domain.
06:17
So this way you can have a default
06:20
policy to set custom blood euros and also a
06:25
catch. All. Do not rewrite your oil policy that applies to your whole organization.
06:30
You just have to set the scope according
06:34
safe links. Additional configuration option.
06:38
Remember how with attachments safe attachment. There was a bypass rule.
06:42
Same thing here
06:43
you set your head or two.
06:45
The XMS exchange organizations skipped safe links processing.
06:49
You can do the custom block list.
06:51
It's found default or policy. Lockwood just discussed entering the euros to be blocked,
06:58
and when they're here,
06:59
a warning pages displayed.
07:00
You can also use well cars to specify sub domains of that domain.
07:06
You do a custom. Do not rewrite list as within the specific user policy.
07:12
It allows users and groups to visit blocked euros.
07:16
So if you have a custom blood list of the domain Microsoft dot com, however, you want somebody in person to be able to visit like herself dot com
07:28
In your default organisation policy, you put my herself dot com as he blocked
07:32
domain.
07:33
However, you set up a specific user policy.
07:36
You set a scope to purchasing,
07:40
and then you put like yourself dot com. Indeed, do not rewrite your old section
07:46
this way. People in the parks a single room
07:47
can visit Microsoft dot com, whereas no one else in your organization can.
07:53
In user experience, someone sends a message that has a euro in it.
07:58
It initially goes through and time out where pipe on that. We discussed a few lessons ago.
08:01
If it passes, the initial checks still over to the inbox
08:05
usually gets the message. Clicks on the euro
08:09
Quit you are a was redirected to a secure server sandbox where is checked against a block list of known malicious sites
08:18
from here. If it's safe
08:20
browser lows the euro
08:22
it is malicious.
08:24
The red screen and doomed warning pages displayed
08:28
depending on whether you have the option to allow the user to click through
08:33
will be whether their journey ends of that read pages doing. Or they can click on it to proceed to the malicious tank page.
08:41
Quiz
08:43
The default Safe links policy applies to the entire organization and allows a custom block list
08:50
for you or else
08:52
true
08:52
were false.
08:54
You talk about it pretty extensively.
08:56
This is one of those things that I would definitely recommend
09:00
to know.
09:03
True story. Yeah, true story.
09:05
Um, it does allow you to do the custom block list. Remember,
09:09
the default
09:09
has a custom year old block,
09:13
whereas the
09:13
Customs Specific user group
09:16
allows you to write the do not rewrite.
09:22
To recap the lesson about safe links.
09:24
It's a feature in a teepee that protects users from malicious euros there noticed be used in fishing campaigns.
09:33
The default policy applies to the entire organization is enabled by default and allows customization of a blunt your Oeste.
09:41
Additional policies could be applied to a scope of users and groups
09:46
with custom. Do not rewrite your Ellis.
09:48
I hope you've learned a little bit about the safe links feature within 03 65 80 p.
09:54
Thank you for joining me. I hope to see for the next lesson take care.

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Instructor Profile Image
Jim Daniels
IT Architect
Instructor