URL rewriting does not apply during Attack Simulation (Credential Harvesting)

I’m running a credential-harvesting attack simulation in Microsoft Defender for Office 365, but the URL rewriting does not work as expected.

In the final confirmation screen, the phishing link is shown as rewritten to something like:

https://security.microsoft.com/attacksimulator/redirect?...

However, during the actual simulation, the link is NOT rewritten. It stays as the original domain (e.g., www.officentry.com), which causes the simulation to fail with an error.

I’m not sure whether this behavior is related to Safe Links or something else within Defender.

Why is the URL not rewritten at runtime, and how can I ensure that the redirect link is applied correctly in the actual simulation?