URL Clic API for MDO ?

%3CLINGO-SUB%20id%3D%22lingo-sub-2738955%22%20slang%3D%22en-US%22%3EURL%20Clic%20API%20for%20MDO%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2738955%22%20slang%3D%22en-US%22%3EHello%20everyone%2C%3CBR%20%2F%3ETL%3BDR%20%3A%20is%20it%20a%20MDO%20SafeLinks%20API%2C%20or%20a%20Microsoft%20365%20Defender%20where%20we%20can%20check%20whether%20a%20URL%20has%20been%20clicked%20or%20not%3F%3CBR%20%2F%3E%3CBR%20%2F%3EI'm%20a%20security%20officer%2C%20working%20with%20Azure%20sentinel%20and%20logic%20apps.%20I%20frequently%20receive%20security%20incidents%20where%20I%20have%20to%20investigate%20if%20users%20accessed%20bad%20URLs.%3CBR%20%2F%3EI%20want%20too%20automate%20this%20a%20bit%20and%20set%20up%20a%20logic%20app%20for%20that.%3CBR%20%2F%3EDo%20you%20know%20if%20there%20is%20any%20documentation%20on%20this%20(and%20if%20this%20feature%20is%20available)%3F%3C%2FLINGO-BODY%3E
Occasional Contributor
Hello everyone,
TL;DR : is it a MDO SafeLinks API, or a Microsoft 365 Defender where we can check whether a URL has been clicked or not?

I'm a security officer, working with Azure sentinel and logic apps. I frequently receive security incidents where I have to investigate if users accessed bad URLs.
I want too automate this a bit and set up a logic app for that.
Do you know if there is any documentation on this (and if this feature is available)?
1 Reply

@jeffazure Unfortunately I do not believe there is an API for this. For Microsoft Defender for Office 365's SafeLinks functionality, there is however a PowerShell cmdlet in the Exchange Online module. It's called Get-UrlTrace and can be used to determine who clicked on a URL.