Safe Links policies for email messages

%3CLINGO-SUB%20id%3D%22lingo-sub-3291481%22%20slang%3D%22en-US%22%3ESafe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3291481%22%20slang%3D%22en-US%22%3E%3CP%3EI've%20been%20monitoring%20our%20secure%20score%20pretty%20hard%20lately%20and%20noticed%20%229%20points%20regressed%20for%26nbsp%3B%3CSPAN%3ECreate%20Safe%20Links%20policies%20for%20email%20messages%22.%26nbsp%3B%20%26nbsp%3BI%20went%20to%20our%20Safe%20Links%20policy%20and%20sure%20enough%2C%20the%20two%20recommended%20items%20were%20already%20configured.%26nbsp%3B%20I%20restarted%20the%20policy%2C%20and%20i'm%20waiting%20for%20the%20%22real-time%22%20secure%20score%20to%20update%2C%20but%20it%20is%20not.%26nbsp%3B%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EHow%20do%20you%20guys%20go%20about%20resolving%20issues%20like%20this%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3291481%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EEmail%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3300070%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3300070%22%20slang%3D%22en-US%22%3EConfirmed%20that%20detection%20has%20been%20fixed%20for%20my%20tenant%20at%20least.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3300015%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3300015%22%20slang%3D%22en-US%22%3EAnd%20finally%20on%20May%201st%20I've%20got%20my%20points%20back.%20Seems%20Microsoft%20has%20fixed%20the%20detection.%20I%20hope%20also%20for%20you%20all.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3298705%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3298705%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3EI%20would%20strongly%20encourage%20everyone%20to%20open%20a%20case%20with%20Microsoft.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EConsidering%20this%20thread%2C%20it%20looks%20like%20we%20are%20facing%20an%20SI.%20My%20bet%20is%20that%20internally%20this%20issue%20hasn't%20hit%20the%20necessary%20thresholds%20(including%20number%20of%20cases)%20or%20visibility%20to%20declare%20an%20SI.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20aware%20that%20threads%20like%20this%20can't%20replace%20traditional%20Microsoft%20support%2C%20but%20it's%20disappointing%20to%20see%20that%20Microsoft%20PMs%20are%20ignoring%20these%20valuable%20flags%20and%20insights.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESince%20yesterday%20I've%20got%20another%20(random)%20erorr%20accessing%20the%20SS%20page%20%22T%3CSPAN%3Ehe%20requested%20resource%20could%20not%20be%20found.%20Please%20modify%20the%20request%20and%20try%20again.%26nbsp%3BMicrosoft%20is%20calculating%20your%20Secure%20Score%2C%20which%20usually%20takes%202-4%20days%20from%20when%20your%20tenant%20was%20created.%20Please%20check%20back%20later.%22%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3297536%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3297536%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1369716%22%20target%3D%22_blank%22%3E%40SeniorBraddah%3C%2FA%3E%26nbsp%3Bmarking%20as%20%22resolved%20through%20alternate%20mitigation%22%20means%20that%20even%20if%20you%20delete%20the%20Safe%20Links%20policy%20the%20points%20will%20still%20be%20granted.%20Not%20an%20ideal%20solution%20if%20you%20really%20want%20to%20track%20the%20score.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHopefully%20Microsoft%20will%20fix%20this%20issue%20soon%20as%20it%20becomes%20annoying.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3297444%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3297444%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1371280%22%20target%3D%22_blank%22%3E%40Marius_S%3C%2FA%3E%3A%20Thanks%2C%20I%20fixed%20my%20post%20to%20clear%20the%20confusion.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3296221%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3296221%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1369716%22%20target%3D%22_blank%22%3E%40SeniorBraddah%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3ECan%20confirm%2C%20this%20is%20happening%20to%20me%20too.%3CBR%20%2F%3EI%20have%20two%20fresh%20tenancies%20i'm%20building%20for%20clients.%3C%2FP%3E%3CP%3EImplementation%20status%3CBR%20%2F%3E100%25%20of%20users%20are%20affected%20by%20policies%20that%20are%20configured%20less%20securely%20than%20is%20recommended%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AndrewEI_0-1651054648463.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F367266iB59EC5BBB64CE3AC%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AndrewEI_0-1651054648463.png%22%20alt%3D%22AndrewEI_0-1651054648463.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3295272%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3295272%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1371280%22%20target%3D%22_blank%22%3E%40Marius_S%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F664379%22%20target%3D%22_blank%22%3E%40Maxim_van_Luttikhuizen%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20your%20input%20in%20this%20thread.%20Our%20Safe%20links%20check%20looks%20like%20it%20corrected%20itself%20on%20the%2024th%20and%20gained%20us%209%20points%2C%20hooray!%20I%20am%20still%20having%20a%20few%20other%20checks%20not%20reporting%20correctly%2C%20but%20I%20have%20been%20checking%20the%20policy%20is%20in%20place%2C%20and%20marking%20the%20status%20as%20%22resolved%20through%20alternate%20mitigation%22.%26nbsp%3B%3C%2FP%3E%3CP%3EFair%20warning%20though%2C%20you%20can%20only%20mark%20the%20status%20for%20App%20and%20Identity%20actions.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBrandon%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3294759%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3294759%22%20slang%3D%22en-US%22%3E%22are%20not%20configured%22%20or%20%22are%20configured%22%20less%20securely%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3294756%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3294756%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1369716%22%20target%3D%22_blank%22%3E%40SeniorBraddah%3C%2FA%3E%26nbsp%3BThe%20test%20I%20started%20yesterday%20(see%20my%20other%20comment)%20has%20been%20completed.%20I%20created%20a%20new%20policy%20with%20the%20correct%20settings%20and%20assigned%20it%20to%20a%20single%20user.%20Secure%20Score%20now%20mentions%20both%20policies%20with%20the%20correct%20number%20of%20users%20and%20states%20that%20both%20policies%20are%20configured%20less%20securely%20than%20recommended.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20it%20seems%20the%20detection%20is%20incorrect.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3294718%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3294718%22%20slang%3D%22en-US%22%3ESame%20here.%20Has%20anyone%20solved%20the%20problem%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3294377%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3294377%22%20slang%3D%22en-US%22%3ESame%20issue%20here.%20Regressed%20almost%208%20points%20for%20Safe%20Links%20on%20Apr.%2020th.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3293958%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3293958%22%20slang%3D%22en-US%22%3ESame%20here.%20Today%20I%20created%20a%20new%20policy%20with%20the%20same%20settings%20and%20applied%20it%20to%20one%20user%20(Also%20excluded%20that%20user%20from%20the%20original%20policy).%20Hopefully%20that%20will%20be%20scored%20in%20which%20case%20I%20will%20assign%20all%20users%20to%20the%20new%20policy%20and%20delete%20the%20old%20one.%20If%20it%20doesn't%20work%2C%20I%20will%20at%20least%20see%20if%20the%20implementation%20status%20is%20updated%20(both%20policies%20should%20appear).%20If%20the%20status%20is%20updated%20but%20the%20scoring%20is%20not%2C%20I%20will%20change%20the%20status%20manually%20to%20%22Resolved%20through%20alternate%20mitigation%22.%20Once%20every%203%20months%2C%20I%20analyze%20all%20the%20items%20with%20status%20other%20then%20%22Completed%22%20to%20see%20if%20detection%20has%20improved%20or%20previously%20accepted%20risks%20are%20still%20acceptable.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3293885%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3293885%22%20slang%3D%22en-US%22%3ESame%20exact%20issue%20here.%20Regressed%209%20points%20for%20Safe%20Links%20on%20Apr.%2020.%20No%20change%20was%20made%20to%20the%20policy%20at%20the%20time.%20Tried%20disabling%20and%20re-enabling%20the%20policy.%20Also%20verified%20that%20safe%20links%20is%20still%20re-writing%20our%20URLs.%20Points%20have%20not%20come%20back%20since.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3292890%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3292890%22%20slang%3D%22en-US%22%3E%3CP%3ESame%20issue%20here.%20Regressed%209%20points%20for%20the%20Safe%20Links%20suddenly%20on%20Apr.%2020.%3CBR%20%2F%3EDouble%20checked%20the%20policy%20(which%20of%20course%20was%20not%20even%20changed)%20and%20all%20seems%20according%20to%20recommendation.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3292319%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20policies%20for%20email%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3292319%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1369716%22%20target%3D%22_blank%22%3E%40SeniorBraddah%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESame%20thing%20here.%20I'm%20trying%20to%20improve%20score%20and%20created%20the%20necessary%20policies%20which%20made%20me%20gain%20some%20points.%20Suddenly%2C%20one%20day%2C%20I%20regressed%209%20points%2C%20next%20day%20gained%209%20points%20again%2C%20only%20to%20lose%20them%20again%20the%20following%20day.%26nbsp%3B%20No%20changes%20were%20made%20to%20the%20organisation%20or%20policies.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESafe%20Links%20Policy%20states%20that%20100%25%20of%20my%20users%20are%20affected%20by%20this%20policy.%20So%20they%20are%20all%20covered.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyone%20have%20a%20clue%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

I've been monitoring our secure score pretty hard lately and noticed "9 points regressed for Create Safe Links policies for email messages".   I went to our Safe Links policy and sure enough, the two recommended items were already configured.  I restarted the policy, and i'm waiting for the "real-time" secure score to update, but it is not. 

 

How do you guys go about resolving issues like this?

15 Replies

@SeniorBraddah 

 

Same thing here. I'm trying to improve score and created the necessary policies which made me gain some points. Suddenly, one day, I regressed 9 points, next day gained 9 points again, only to lose them again the following day.  No changes were made to the organisation or policies. 

 

Safe Links Policy states that 100% of my users are affected by this policy. So they are all covered.

 

Anyone have a clue? 

Same issue here. Regressed 9 points for the Safe Links suddenly on Apr. 20.
Double checked the policy (which of course was not even changed) and all seems according to recommendation.

Same exact issue here. Regressed 9 points for Safe Links on Apr. 20. No change was made to the policy at the time. Tried disabling and re-enabling the policy. Also verified that safe links is still re-writing our URLs. Points have not come back since.
Same here. Today I created a new policy with the same settings and applied it to one user (Also excluded that user from the original policy). Hopefully that will be scored in which case I will assign all users to the new policy and delete the old one. If it doesn't work, I will at least see if the implementation status is updated (both policies should appear). If the status is updated but the scoring is not, I will change the status manually to "Resolved through alternate mitigation". Once every 3 months, I analyze all the items with status other then "Completed" to see if detection has improved or previously accepted risks are still acceptable.
Same issue here. Regressed almost 8 points for Safe Links on Apr. 20th.
Same here. Has anyone solved the problem?

@SeniorBraddah The test I started yesterday (see my other comment) has been completed. I created a new policy with the correct settings and assigned it to a single user. Secure Score now mentions both policies with the correct number of users and states that both policies are configured less securely than recommended.

 

So it seems the detection is incorrect.

 

"are not configured" or "are configured" less securely?

@Marius_S@Maxim_van_Luttikhuizen 

Thanks for your input in this thread. Our Safe links check looks like it corrected itself on the 24th and gained us 9 points, hooray! I am still having a few other checks not reporting correctly, but I have been checking the policy is in place, and marking the status as "resolved through alternate mitigation". 

Fair warning though, you can only mark the status for App and Identity actions.

 

Brandon

@SeniorBraddah 

Can confirm, this is happening to me too.
I have two fresh tenancies i'm building for clients.

Implementation status
100% of users are affected by policies that are configured less securely than is recommended

 

AndrewEI_0-1651054648463.png

 

@Marius_S: Thanks, I fixed my post to clear the confusion.

@SeniorBraddah marking as "resolved through alternate mitigation" means that even if you delete the Safe Links policy the points will still be granted. Not an ideal solution if you really want to track the score.

 

Hopefully Microsoft will fix this issue soon as it becomes annoying.

Finally, I got my points back!

And finally on May 1st I've got my points back. Seems Microsoft has fixed the detection. I hope also for you all.
Confirmed that detection has been fixed for my tenant at least.