Jun 11 2024 08:52 AM
Hi all,
I'm confused about the Safe Links feature which is called "Do not rewrite URLs, do checks via SafeLinks API only".
There are two descriptions which are contradictory to me.
1st:
2nd:
Do not rewrite URLs, do checks via SafeLinks API only: If this setting is selected (on), no URL wrapping takes place but the URLs are scanned prior to message delivery. In supported versions of Outlook (Windows, Mac, and Outlook on the web), Safe Links is called exclusively via APIs at the time of URL click.
(https://learn.microsoft.com/en-us/defender-office-365/safe-links-about)
So what exactly happens, if I enable the API check only? Are links scanned prior delivery or not?
Thanks
Jul 23 2024 10:26 PM - edited Jul 23 2024 10:29 PM
Solution@RobertR2, yes both options will cause the Safe Links scan at delivery.
The difference between them is the rewrite URL option changes the URL inside the body, injecting our Safe Links in to the URL. This means by clicking the URL, the user will go via the Safe Links infrastructure before being redirected to the destination - this doesn't require any client side support and will work across any client as we are changing the URL itself to point to our Safe Links.
The API only option does not change the content of the message but requires client side support such as the Outlook client. The click is intercepted at the client and we do the validation of the site via an API call rather than via the redirect method in rewrite.
The difference is not what happens during delivery, it's what happens when the user clicks on the message. We perform scan both at delivery and at click with both settings, but the API only method requires client side support for time of click protection.
Hope that helps..
Jul 24 2024 05:36 AM
@cammurray Thanks, that what I somehow expected. The documentation should be updated to give a clear understanding.
Jul 23 2024 10:26 PM - edited Jul 23 2024 10:29 PM
Solution@RobertR2, yes both options will cause the Safe Links scan at delivery.
The difference between them is the rewrite URL option changes the URL inside the body, injecting our Safe Links in to the URL. This means by clicking the URL, the user will go via the Safe Links infrastructure before being redirected to the destination - this doesn't require any client side support and will work across any client as we are changing the URL itself to point to our Safe Links.
The API only option does not change the content of the message but requires client side support such as the Outlook client. The click is intercepted at the client and we do the validation of the site via an API call rather than via the redirect method in rewrite.
The difference is not what happens during delivery, it's what happens when the user clicks on the message. We perform scan both at delivery and at click with both settings, but the API only method requires client side support for time of click protection.
Hope that helps..