What Is Safe Links? Security Definition
On This Page
Quick Definition
Safe Links is a security tool in Microsoft 365 that checks every link you click in an email or document. It scans the link at the moment you click to see if it leads to a dangerous website. If the link is safe, you go through; if it is dangerous, you get a warning and are blocked. It works automatically in the background to keep you safe from phishing and malware.
Commonly Confused With
Safe Attachments scans file attachments in emails for malicious content by detonating them in a sandbox environment. Safe Links scans URLs for malicious websites. Both are part of Defender for Office 365, but one deals with files and the other with links. A common exam scenario presents a phishing email with both a link and an attachment; the candidate must know which feature protects each component.
If an email contains a PDF file, Safe Attachments opens it in a sandbox. If the same email contains a link to a fake login page, Safe Links scans that link when clicked.
Anti-phishing policies in Exchange Online Protection focus on detecting phishing attempts by analyzing the email header, sender reputation, and impersonation patterns. Safe Links focuses specifically on the URLs within the email body. Anti-phishing does not rewrite or scan URLs at click time. An email could pass anti-phishing checks but still contain a malicious link that Safe Links needs to catch.
An attacker creates a new email domain that closely resembles your company domain. Anti-phishing policies might not catch it if the sender reputation is neutral. But when the user clicks the link in that email, Safe Links scans the URL and blocks it.
SmartScreen is a browser-level feature in Microsoft Edge that protects users from malicious websites and downloads based on reputation. Safe Links is a server-side feature in Microsoft 365 that rewrites URLs and scans them through Microsoft's cloud. SmartScreen works on the client side, while Safe Links works on the server side before the link is even reached. For exams, if the question mentions email, it is Safe Links; if it mentions browsing in Edge, it could be SmartScreen.
If a user receives a phishing link in an email and clicks it, Safe Links intercepts the click. If the user then opens the same link manually in Edge by typing the URL, SmartScreen may protect them. But Safe Links provides the initial protection in the email context.
Link lock is a brand name sometimes used in marketing for the Safe Links feature in Microsoft 365 Business Premium. It is not a separate technical feature. On exams, the official name is Safe Links. Avoid choosing 'Link lock' as the correct answer unless the question explicitly uses that marketing term in a non-technical context.
A multiple-choice question might list 'Safe Links' and 'Link Lock' as two separate options. Choose Safe Links because that is the official feature name used in the Microsoft 365 Defender portal and documentation.
Must Know for Exams
Safe Links is a specific feature that appears directly in the exam objectives for MS-102 (Microsoft 365 Administrator), MS-900 (Microsoft 365 Fundamentals), and SC-900 (Microsoft Security, Compliance, and Identity Fundamentals). In each of these exams, Microsoft expects candidates to understand the purpose, functionality, and configuration of Safe Links as part of the broader Microsoft Defender for Office 365 suite. For MS-102, which focuses on advanced administration and security management, Safe Links is a primary objective.
Candidates must know how to create and manage Safe Links policies, understand the difference between Safe Links policies for email and for Office documents, and know how to interpret the reports in the Microsoft 365 Defender portal. Questions on MS-102 often present a scenario where a company has a security incident involving a phishing link, and the candidate must choose the correct policy configuration to block similar attacks. For MS-900, the focus is on fundamental knowledge.
Safe Links appears as part of the security and compliance capabilities of Microsoft 365 Business Premium and Enterprise plans. Typical questions ask candidates to identify which feature protects against malicious links, distinguish Safe Links from Safe Attachments, and recognize the Microsoft Defender for Office 365 licensing requirements. Expect multiple-choice questions with answer choices that include antivirus, firewall, and other security terms.
For SC-900, Safe Links is part of the security capabilities of Microsoft 365. This exam emphasizes understanding concepts and capabilities rather than deep configuration. Candidates should be able to explain what Safe Links does, when it is applied, and how it fits into the defense-in-depth strategy.
A common question type describes a user who clicks a link in an email and is redirected to a warning page; the candidate must identify that Safe Links is the feature responsible. In all three exams, Safe Links is often confused with Safe Attachments. Safe Attachments scans file attachments for malware, not links.
Knowing the difference is a frequent trap. Microsoft may ask about the licensing requirements: Safe Links is available only with Microsoft Defender for Office 365 Plan 1, Plan 2, or as part of Microsoft 365 E5. The free version of Microsoft 365 does not include Safe Links.
Understanding this licensing point is a common exam objective. Scenario-based questions might require the candidate to determine the best policy action for a specific threat. For instance, if a user clicks a link that leads to a site with low reputation, should the policy block the click, allow it but log it, or show a warning?
The correct answer depends on the organizational risk tolerance as set in the policy. Another question might ask how Safe Links protects links in Teams conversations or in Office documents stored on OneDrive. Safe Links is a must-know topic for these exams, and candidates should focus on its core functionality, policy configuration, licensing, and the difference from similar features.
Simple Meaning
Imagine you are walking through a busy airport and a stranger hands you a sealed envelope with a note saying "Open this for a free ticket." You might be excited, but you also know that the envelope could contain something dangerous. In the digital world, links in emails and documents are like those envelopes.
A link might look harmless, but it could take you to a website that tries to steal your password or download a virus onto your computer. Safe Links is like having a security officer standing next to you every time you receive an envelope. Before you open it, the officer takes the envelope, scans it with a special machine, and tells you if it is safe to open.
If the officer finds a razor blade or poison inside, he takes the envelope away and warns you not to touch it. That is exactly what Safe Links does. When you receive an email with a link-perhaps from your bank, a coworker, or a shipping company-Safe Links does not let your email program immediately open the link.
Instead, it rewrites the link so that your click first goes through Microsoft's security check. In that split second, Microsoft's system checks the link against a constantly updated list of known bad websites. It also uses advanced analysis to evaluate new, unknown websites.
If the site is dangerous, you see a warning page or the link is blocked entirely. If the site is clean, you are allowed to proceed. Safe Links also works on links in Office documents like Word, PowerPoint, and Excel, and it even checks links in Teams messages.
The key idea is that protection happens at the moment you click, not when the email is delivered. This is important because attackers often change the destination of a link after an email has passed initial security checks. Safe Links catches those late changes and keeps you safe even if the link initially looked harmless.
Full Technical Definition
Safe Links is a core component of Microsoft Defender for Office 365, specifically part of the anti-phishing and anti-malware protection stack. It is designed to protect end users from malicious URLs embedded in email messages, Office documents, and Microsoft Teams links. The feature operates at the time of click, meaning that when a user clicks a link in a supported application, the request is intercepted and evaluated before the user is allowed to reach the target website.
Safe Links works by rewriting URLs within email messages and documents so that they point to Microsoft's safe link verification service. For example, a link like https://example.com may be rewritten to https://nam01.
safelinks.protection.outlook.com/?url=https://example.com&data=... This rewritten URL includes metadata such as the original URL, the user's tenant identifier, and a timestamp. When the user clicks the rewritten link, their request is sent to Microsoft's infrastructure, which performs several checks.
First, the service checks the URL against a global threat intelligence feed that contains known malicious or phishing URLs. This feed is updated in near real-time based on signals from Microsoft's vast network of endpoints, email systems, and third-party threat intelligence. If the URL is not in the known bad list, the system performs a reputation analysis.
This involves evaluating the domain age, registration details, hosting provider reputation, and any history of malicious activity. If the URL still appears benign, Safe Links may detonate the link in a sandbox environment. The sandbox is an isolated virtual machine that simulates a real user environment.
The link is clicked from within the sandbox, and the resulting webpage is rendered. The sandbox monitors for malicious behaviors such as drive-by downloads, script injection, form grabbing, or redirect chains that lead to credential harvesting pages. If no suspicious behavior is detected, the user is allowed to pass through to the original URL.
The entire process typically takes under one second. Safe Links also provides time-of-click protection for links in email messages that have already been delivered. Unlike traditional email security gateways that only scan links at delivery time, Safe Links can catch URLs that are weaponized after delivery, which is a common tactic used by attackers who use delayed payloads.
Administrators configure Safe Links through the Microsoft 365 Defender portal under Policies and rules. They can create custom policies that target specific users, groups, or domains. Policies allow administrators to set actions for known malicious URLs, suspicious URLs, and untrusted URLs.
Options include blocking the click entirely, showing a warning page, or allowing the click but logging it. Safe Links also supports URL threat protection for internal links shared within the organization and for links in Office documents that are opened from SharePoint, OneDrive, or Teams. The feature integrates with Microsoft Information Protection and Conditional Access to provide a layered security posture.
It also generates detailed reports in the Microsoft 365 Defender console, showing click activity, blocked URLs, and user-level threat detections. Safe Links is available in Microsoft Defender for Office 365 Plan 1, Plan 2, and as an add-on for Microsoft 365 Business Premium and Enterprise E5 subscriptions. Safe Links does not replace other security controls like anti-spam, anti-malware, or Safe Attachments; it works alongside them as part of a defense-in-depth strategy.
Real-Life Example
Think about how you handle a package delivered to your home. If you receive a package from a friend, you might open it immediately. But if you receive an unexpected package from a company you have never heard of, you might hesitate.
You might check the return address, shake the box, and listen for strange sounds. If the package feels unusual, you might even call the delivery company to verify it is safe. Safe Links works exactly like that cautious package inspection, but for every link you receive in your email.
Imagine you are working at a company and you get an email from what looks like your IT department. The email says you need to reset your password immediately because of a security breach. There is a link that says "Click Here to Reset Password."
Your first instinct might be to click it right away, but Safe Steps in like a security guard who takes the link package to a secure inspection room. In that room, the guard opens the link in a safe environment to see what is actually inside. The link might start by redirecting to a fake login page that looks exactly like your company's login screen.
The guard notices the web address is slightly different, something like "mycompany-login.com" instead of the real "mycompany.com." The guard also sees that the page has hidden scripts trying to capture your keystrokes.
The guard immediately declares the link unsafe, blocks your access, and shows you a warning message. Meanwhile, the guard reports this dangerous link to the central security team so they can block it for everyone else. This whole inspection happens in less than a second.
You never actually touch the dangerous website. Without Safe Links, you would have clicked the link, entered your username and password, and handed your credentials to an attacker. That attacker could then log into your email, steal sensitive data, or send more phishing emails to your colleagues.
Safe Links acts as that non-stop security guard for every single link, every single time, without you having to think about it.
Why This Term Matters
In the real world of IT, phishing remains one of the most common and effective attack vectors. Attackers constantly evolve their tactics, and one of their favorite techniques is to use links that appear legitimate but lead to malicious websites. Even the most security-aware users can be tricked by a well-crafted phishing email.
Safe Links matters because it provides an additional layer of protection that operates at the critical moment of click. For IT professionals, deploying Safe Links reduces the risk of credential theft, malware infections, and ransomware attacks that often start with a single malicious link. In a corporate environment, one compromised account can lead to a full-blown security incident, costing the organization time, money, and reputation.
Safe Links also reduces the burden on IT helpdesks. Instead of having to manually investigate every suspicious email reported by users, Safe Links automatically blocks dangerous links and provides detailed logs. This allows IT teams to focus on more serious threats.
Safe Links provides visibility and reporting. Administrators can see which users are clicking on malicious links, which types of threats are most common, and whether policies are effective. This data is invaluable for security audits, compliance reporting, and improving security awareness training.
Safe Links is also a requirement for many compliance frameworks, such as ISO 27001 and NIST, because it demonstrates that an organization is taking proactive steps to protect against phishing. For the average user, Safe Links works silently and does not interfere with productivity-except when a dangerous link is blocked, which is a good thing. From an exam perspective, understanding Safe Links is essential because it is a key feature of Microsoft Defender for Office 365, which is heavily tested in Microsoft 365 security exams.
Knowing when Safe Links applies, how it rewrites URLs, and how to configure it is critical for passing certification exams. Safe Links matters because it addresses a real and persistent threat, provides measurable security improvements, and is a fundamental tool in the Microsoft security stack.
How It Appears in Exam Questions
On Microsoft certification exams, Safe Links appears in several distinct question patterns. The first pattern is direct definition questions. A typical question might be, which Microsoft Defender for Office 365 feature protects users from malicious links at the time of click?
The answer choices include Safe Links, Safe Attachments, anti-malware, and anti-spam. Here the candidate must know that Safe Links is the correct feature. Another variation asks which feature rewrites URLs to redirect through Microsoft's safe link verification service.
The second pattern is scenario-based configuration questions. These present a real-world situation and ask the candidate to choose the correct action. For example, a company has received reports that users are clicking on links in phishing emails.
The security team wants to block access to websites that are known to host malware. The candidate is asked which policy to configure in the Microsoft 365 Defender portal. The correct answer is to create a Safe Links policy with an action set to block malicious URLs.
A variant of this might ask how to apply the policy to a specific group of users in the finance department. The candidate needs to know that Safe Links policies can be scoped to specific users, groups, or domains. The third pattern is troubleshooting questions.
These describe an issue where a user reports that clicking a link in an email results in a warning page, even though the link is legitimate. The candidate must identify possible causes, such as a block action configured incorrectly in the Safe Links policy, or a false positive that needs to be reported and the site added to an allow list. Another troubleshooting scenario involves links in a Word document shared via OneDrive not being scanned.
The candidate needs to know that Safe Links also applies to Office documents in SharePoint, OneDrive, and Teams, and that policies must be configured for document protection separately from email protection. The fourth pattern is comparison questions. These ask the candidate to differentiate between Safe Links and other security features.
For instance, what is the primary difference between Safe Links and Safe Attachments? The answer is that Safe Links scans URLs, while Safe Attachments scans file attachments. Another comparison might be between Safe Links and anti-phishing policies in Exchange Online Protection.
The candidate must understand that anti-phishing policies handle impersonation and spoofing, while Safe Links handles URL scanning. The fifth pattern is licensing and availability questions. A typical question might be: A customer has Microsoft 365 Business Standard.
Can they use Safe Links? The answer is no; they need Microsoft 365 Business Premium or an add-on. Another question might ask which plan includes Safe Links for both email and Office documents.
The correct answer is Microsoft Defender for Office 365 Plan 2. Finally, exam questions may present a scenario where a user receives an email with a link that passes initial delivery checks but later becomes malicious. The candidate is asked how Safe Links protects against this.
The correct answer is that Safe Links performs time-of-click verification, so even if the link was safe at delivery, it is rechecked when the user clicks. This is a critical point that differentiates Safe Links from traditional email gateways. To answer these questions correctly, candidates should be familiar with the Safe Links policy settings, the difference between blocking, warning, and logging actions, and the various locations where Safe Links applies (email, Teams, Office documents).
Practise Safe Links Questions
Test your understanding with exam-style practice questions.
Example Scenario
A midsize company named Northwind Traders uses Microsoft 365 for email and collaboration. The IT team recently deployed Microsoft Defender for Office 365 Plan 2 to improve security. One Tuesday morning, Sarah, a marketing manager, receives an email that appears to be from the company's CEO, with a subject line reading Urgent: Review the New Vendor Contract.
The email body says Please click the link below to access the contract and provide your feedback. The link is displayed as https://northwind-updates.com/contract. Sarah thinks this is a legitimate request because the CEO often asks for quick feedback on documents.
She clicks the link without hesitation. However, the link is actually a phishing attempt. The domain northwind-updates.com is a fake website set up by an attacker to look like the company's official document portal.
When the victim signs in with their company credentials, the attacker harvests those credentials. In this scenario, Safe Links is configured in the company's email security policy. When Sarah clicks the link, her email client sends the request to Microsoft's Safe Links infrastructure.
The system first checks the domain northwind-updates.com against the global threat intelligence database. It finds that this domain was registered only 24 hours ago and is associated with a hosting provider known to host phishing sites.
The system then detonates the link in a sandbox environment. In the sandbox, the link redirects to a page that perfectly mimics the company's Microsoft 365 login screen with a subtle misspelling in the URL. The sandbox detects the redirection and the presence of hidden form fields designed to capture credentials.
Based on the policy set by the IT team, which is set to Block malicious URLs and show a warning, Safe Links blocks the click. Instead of reaching the fake login page, Sarah sees a red warning page that says This link has been blocked as malicious. Please contact your IT administrator if you believe this is an error.
Sarah realizes something is wrong and deletes the email. She also forwards the email to the IT team for investigation. The IT team reviews the Safe Links report in the Microsoft 365 Defender portal and sees that one user almost clicked a known malicious link.
They can see the source IP of the email, the time of click, and the blocked URL. They also add the domain to the block list to prevent future attempts. The incident is avoided entirely without any data loss.
This scenario illustrates how Safe Links protects users even when they are about to make a mistake, providing a critical safety net in the fight against phishing.
Common Mistakes
Thinking Safe Links only scans links in email messages.
Safe Links also scans links in Office documents (Word, Excel, PowerPoint) stored in SharePoint, OneDrive, and Teams. It also scans links in Teams conversations and channels. Restricting Safe Links to only email underestimates its full protection scope.
Remember that Safe Links protection extends to all Office 365 apps where links are shared: email, Office documents, and Teams. Configure policies for both email and document protection.
Confusing Safe Links with Safe Attachments.
Safe Links focuses on scanning URLs to detect malicious websites, while Safe Attachments scans email attachments for malware. They are separate features with different purposes, though both are part of Defender for Office 365.
Associate Safe Links with links and Safe Attachments with files. A simple memory aid: Safe Links protect your clicks, Safe Attachments protect your double-clicks on files.
Believing Safe Links scans links at the time of email delivery only.
Safe Links performs time-of-click protection, meaning it checks the link at the moment the user clicks it, not when the email arrives. This is essential because attackers often change the link destination after the email has passed initial security checks.
Understand the concept of time-of-click protection. Safe Links is not a one-time check at delivery; it re-evaluates the link every time a user clicks it to account for delayed threats.
Assuming Safe Links is available in all Microsoft 365 subscriptions.
Safe Links is only included in Microsoft 365 Business Premium, Enterprise E5, and as part of Microsoft Defender for Office 365 Plan 1 or Plan 2. Subscriptions like Business Basic, Business Standard, or Enterprise E3 do not include Safe Links by default.
Check the licensing requirements. If a client needs Safe Links, they need a higher-tier subscription or an add-on. Mention this in exam answers when a question involves budget or licensing constraints.
Thinking that configuring a Safe Links policy blocks all unsafe links automatically without any action from the admin.
While there is a default policy for Safe Links, administrators must configure custom policies to set specific actions like block, warn, or allow along with logging. The default policy may not provide the desired level of protection for all organizations.
Know that administrators need to create and apply customized Safe Links policies targeting specific users or groups. The default protection might be less restrictive than needed.
Assuming Safe Links can prevent all phishing attacks.
Safe Links is a powerful tool, but no single security feature is foolproof. Attackers can use zero-day domains, compromised legitimate sites, or social engineering that bypasses URL scanning. Safe Links must be combined with other security measures like multi-factor authentication, user training, and conditional access policies.
Treat Safe Links as one layer in a defense-in-depth strategy. It is extremely effective but not a silver bullet. Use it alongside other security controls.
Exam Trap — Don't Get Fooled
{"trap":"When asked to identify the feature that protects users from malicious links in an email at the time of clicking, learners may choose Anti-Phishing policies instead of Safe Links.","why_learners_choose_it":"Learners often confuse the general term 'anti-phishing' with the specific feature Safe Links. Anti-phishing policies in Microsoft 365 handle impersonation protection, spoofing intelligence, and mailbox intelligence, but they do not scan URLs at the time of click.
The name 'anti-phishing' sounds broad and relevant, making it a tempting wrong answer.","how_to_avoid_it":"Remember that Safe Links is the only Microsoft Defender for Office 365 feature that specifically rewrites URLs and scans them at the time of click. Anti-phishing policies deal with identifying whether an email is from a legitimate sender, not with scanning individual links.
On the exam, when you see the phrase 'at the time of click' or 'URL rewriting,' your answer should be Safe Links."
Step-by-Step Breakdown
Email Delivery and URL Rewriting
When an email is delivered to a user's inbox, Microsoft 365 scans it. If Safe Links policies are enabled, all URLs in the email are rewritten. The original URL is replaced with a new URL that points to the Microsoft Safe Links verification service. This rewriting allows Microsoft to intercept the click later.
User Clicks the Link
When the user clicks the rewritten link, the browser or email client sends the request to the Microsoft Safe Links infrastructure. The request includes the original URL, tenant information, and a unique user identifier. This step happens in milliseconds and is invisible to the user.
Threat Intelligence Check
Microsoft’s system first checks the original URL against its global threat intelligence database. This database contains millions of known malicious or phishing URLs, updated in real-time from sources like Microsoft Defender for Endpoint, Bing, and third-party feeds. If the URL is found, the system proceeds to the next step based on the policy action.
Reputation and Sandbox Analysis
If the URL is not in the known bad list, the system performs a reputation analysis, examining factors like domain age, registrar, and hosting provider. If the reputation is suspicious, the system detonates the link in a sandbox environment. The sandbox is an isolated virtual machine that simulates a real user browser and monitors for malicious behaviors such as redirects, script injections, or download attempts.
Policy Action Applied
Based on the results from the threat check and sandbox analysis, the system applies the action defined in the Safe Links policy. If the URL is malicious, the user is blocked and shown a warning page. If the URL is suspicious, the policy may show a warning but allow the user to proceed with caution. If the URL is safe, the user is redirected to the original destination. All actions are logged for reporting.
Logging and Reporting
The click event is recorded in the Microsoft 365 Defender portal. Details include the user who clicked, the original URL, the verdict (malicious, suspicious, safe), and the action taken. Administrators can review these logs to identify trends, adjust policies, and train users. The logs also feed into threat hunting and incident response workflows.
Practical Mini-Lesson
Safe Links is a feature that every IT professional managing Microsoft 365 should understand deeply because it directly impacts the organization's security posture. In practice, implementing Safe Links involves several key decisions. First, you need to ensure your tenant has the correct licensing.
Safe Links is not available in the basic Microsoft 365 plans. You need Microsoft 365 Business Premium, Enterprise E5, or an add-on of Microsoft Defender for Office 365 Plan 1 or Plan 2. Without this licensing, the feature will not appear in the security center.
Once licensing is confirmed, the next step is to navigate to the Microsoft 365 Defender portal, go to Email and Collaboration, then Policies and Rules, and find Safe Links under Threat Policies. There is often a default policy that applies to all users, but it is highly recommended to create custom policies tailored to your organization's needs. For example, you might have a strict policy for finance and HR departments that blocks all suspicious URLs, while a less restrictive policy for general users might only warn them and allow clicks with logging.
When configuring a policy, you must specify the action for malicious URLs: block the click, redirect to a warning page, or allow the click but log it. The recommended practice is to block malicious URLs and set a separate action for suspicious URLs, like warning the user. Another important setting is whether to scan links in email messages only or also in Office documents and Teams.
For comprehensive protection, enable Safe Links for all locations. A common oversight is forgetting to apply the policy to specific user groups. By default, policies apply to all users, but you can scope them to specific security groups.
This is useful for piloting a new policy before rolling it out organization-wide. After configuration, monitoring is critical. The Safe Links report in the Defender portal shows you which users are clicking malicious links, what types of threats are most common, and whether your policies are effective.
You should review this report weekly to spot trends and adjust policies accordingly. For example, if you see a spike in clicks on malicious links in the marketing department, you might create a stricter policy for that group and also provide additional security awareness training. One of the most important aspects of Safe Links is understanding false positives.
A legitimate link might be incorrectly flagged as malicious because the domain is new or the site uses dynamic content. When this happens, users will report that they cannot access a necessary website. As an administrator, you must be able to investigate the claim, check the Safe Links logs to see why it was blocked, and if the site is indeed safe, submit it as a false positive to Microsoft.
You can also add the domain to an allow list in the Safe Links policy, though this should be done sparingly because it creates an exception to security. Another common real-world issue is URL rewriting breaking certain applications or services. For example, some email marketing links or social media links may not work correctly after rewriting.
In such cases, you might need to create a policy that excludes specific trusted senders or domains from Safe Links scanning. This requires a careful balance between security and functionality. In an exam context, you should know the difference between the default policy and custom policies, the settings for actions and scope, and the reporting capabilities.
Be aware that Safe Links can be integrated with Microsoft Information Protection and Conditional Access for more granular control. For instance, if a user is accessing from an untrusted location, you might enforce a stricter Safe Links policy. Overall, Safe Links is not a set-it-and-forget-it feature.
It requires ongoing administration, monitoring, and fine-tuning to remain effective. Professionals who manage it well will significantly reduce the risk of phishing-related incidents in their organization.
Memory Tip
Think of Safe Links as a bodyguard who checks IDs at the door before you enter a club. The bodyguard (Safe Links) stops you at the door (the click), checks the ID (the URL) against a list of banned people (threat intelligence), and only lets you in if you are safe. This happens every single time you want to enter, even if you have been there before.
Covered in These Exams
Current Exam Context
Current exam versions that test this topic — use these objectives when studying.
MS-102MS-102 →MS-900MS-900 →SC-900SC-900 →220-1102CompTIA A+ Core 2 →CS0-003CompTIA CySA+ →MD-102MD-102 →CDLGoogle CDL →ISC2 CCISC2 CC →Related Glossary Terms
Two-factor authentication (2FA) is a security method that requires two different types of proof before granting access to an account or system.
AAA (Authentication, Authorization, and Accounting) is a security framework that controls who can access a network, what they are allowed to do, and tracks what they did.
802.1X is a network access control standard that authenticates devices before they are allowed to connect to a wired or wireless network.
5G is the fifth generation of cellular network technology, designed to deliver faster speeds, lower latency, and support for many more connected devices than previous generations.
A/B testing is a controlled experiment that compares two versions of a single variable to determine which one performs better against a predefined metric.
An A record is a type of DNS resource record that maps a domain name to an IPv4 address.
An AAAA record is a DNS record that maps a domain name to an IPv6 address, allowing devices to find each other over the internet using the newer IP addressing system.
802.1Q is the networking standard that allows multiple virtual LANs (VLANs) to share a single physical network link by tagging Ethernet frames with VLAN identification information.
Frequently Asked Questions
Does Safe Links work on mobile devices?
Yes, Safe Links works on mobile devices when you access emails through the Outlook mobile app or the web version. The rewriting and scanning happen server-side, so no additional software is needed on the device.
Can a user bypass a Safe Links warning?
It depends on the policy configuration. Administrators can set the action to block the click entirely, in which case there is no bypass. If the action is set to warn, the user can choose to proceed by acknowledging the warning. Some policies also allow users to report a false positive.
How does Safe Links handle shortened URLs like bit.ly?
Safe Links follows the redirect chain of shortened URLs. It unrolls the short link and scans the ultimate destination. If the final URL is malicious, it will be blocked regardless of how many redirects are involved.
Does Safe Links affect email delivery or performance?
No, Safe Links does not affect email delivery because it only acts when the user clicks a link, not when the email is sent. The scanning process is very fast, typically under one second, so it does not noticeably impact user experience.
Can I exclude certain domains from Safe Links scanning?
Yes, administrators can create allow lists of trusted domains in the Safe Links policy. URLs pointing to these domains will not be scanned or rewritten. This is useful for internal company websites or trusted partners.
Is Safe Links the same as the 'Safelinks' feature in Outlook?
Yes, 'Safelinks' is just a shorthand name for the Safe Links feature in Outlook. Some users refer to it as such in conversation. The official product name in Microsoft documentation is Safe Links.
What happens if the Safe Links service is temporarily unavailable?
If the service is unavailable, the user may see an error page or the link may not work. However, Microsoft has redundant infrastructure to minimize downtime. In the rare event of an outage, older versions of Outlook may fall back to allowing the click, but modern clients typically show an error message.