Forum Discussion
Microsoft Defender is considering Safe link as malicious
Microsoft Defender for Office365 (Safe link) is considering a legitimate URL as malicious and users are not able to open the link. How to ensure the link is whitelisted and doesn't trigger alert as m...
Thanks for the reply. Yes the URL is internal URL used for security purposes, while it was sent to internal users and they clicked and got the popup as "could be malicious" in defender.
We had already added to "Do not rewrite" list. So can you provide the steps to add it as "Allow" list URL ? It would be really helpful in adding URL as allow list
We had already added to "Do not rewrite" list. So can you provide the steps to add it as "Allow" list URL ? It would be really helpful in adding URL as allow list
If by "internal" you mean a domain which could be public but is in fact only resolved correctly on your internal network then that's not going to work for a cloud solution like M365. I don't think M365 has a problem with non-existent top-level domains, but some other security products do and it is increasingly difficult to keep up with the clowns approving nonsense into the global address space. For all other values the previous principle stands; never mind your own organisation's legitimate use, what are other people using that domain for on the internet?
The tenant Allow/Block list can be seen from security.microsoft.com, Email & Collaboration, Policies & Rules, Threat Policies, Tenant Allow/Block Lists, URL tab.
To add a value, go through security.microsoft.com, Actions & Submissions, Submissions and submit your URL to Microsoft with the drop-down set to "URL". You may need to push the case with Product Support, and you can't have a permanent entry; the idea is that you should not need one, something that causes annoyance elsewhere on this forum. If the URL is persistently troublesome then you need to go looking for the reason why.
The tenant Allow/Block list can be seen from security.microsoft.com, Email & Collaboration, Policies & Rules, Threat Policies, Tenant Allow/Block Lists, URL tab.
To add a value, go through security.microsoft.com, Actions & Submissions, Submissions and submit your URL to Microsoft with the drop-down set to "URL". You may need to push the case with Product Support, and you can't have a permanent entry; the idea is that you should not need one, something that causes annoyance elsewhere on this forum. If the URL is persistently troublesome then you need to go looking for the reason why.