How to Fix Outlook 365 Safe Links Blocking Legitimate Emails

Learn how to fix the issue of Outlook 365 Safe Links blocking legitimate emails in a Windows Server 2016 terminal server environment.

If you are using Outlook 365 in a Windows Server 2016 terminal server environment, you may have encountered the problem of Safe Links blocking legitimate links in emails. This can be frustrating and time-consuming for both the users and the IT help desk. In this article, we will explain what Safe Links are, why they may block legitimate emails, and how to fix this issue by configuring Safe Links policies in Microsoft Defender for Office 365.

How to Fix Outlook 365 Safe Links Blocking Legitimate Emails

Table of Contents

What are Safe Links?
Why do Safe Links block legitimate emails?
How to fix Outlook 365 Safe Links blocking legitimate emails?
Frequently Asked Questions (FAQs)
Summary

What are Safe Links?

Safe Links is a feature of Microsoft Defender for Office 365 that protects users from malicious links in emails and other online sources. When a user clicks on a link in an email, Safe Links checks the link against a list of known malicious URLs and redirects the user to a warning page if the link is unsafe. This helps prevent phishing, malware, and other online threats.

Why do Safe Links block legitimate emails?

Sometimes, Safe Links may block legitimate emails that contain links to trusted websites or domains. This can happen for various reasons, such as:

The link is not on the list of allowed URLs or domains in the Safe Links policy.
The link is on the list of blocked URLs or domains in the Safe Links policy.
The link is shortened or obfuscated by a third-party service that Safe Links does not recognize.
The link is modified by another email security service, such as Mimecast, that Safe Links does not trust.

When Safe Links blocks a legitimate email, the user may see an Outlook-labeled message that says: “Your organization’s policies are preventing us from completing this action for you. For More info, please contact your help desk.”

How to fix Outlook 365 Safe Links blocking legitimate emails?

The best way to fix Outlook 365 Safe Links blocking legitimate emails is to configure Safe Links policies in Microsoft Defender for Office 365. Safe Links policies allow you to customize how Safe Links works for your organization, such as:

Which users or groups are protected by Safe Links.
Which URLs or domains are allowed or blocked by Safe Links.
Which email messages are exempt from Safe Links protection.
How Safe Links handles links in attachments and documents.

To set up Safe Links policies in Microsoft Defender for Office 365, follow these steps:

Sign in to the Microsoft 365 admin center with your admin credentials.
Go to Security > Threat management > Policy > Safe Links.
Click on the Default policy or create a new policy by clicking on + Create.
On the Settings page, configure the options according to your preferences. For example, you can:
- Enable or disable Safe Links protection for email messages, attachments, and documents.
- Add or remove URLs or domains that are allowed or blocked by Safe Links.
- Add or remove users or groups that are exempt from Safe Links protection.
- Enable or disable the option to track user clicks on Safe Links.
- Enable or disable the option to let users click through to the original URL after seeing the warning page.
Click on Save to apply the changes.

Note: It may take up to 30 minutes for the changes to take effect.

Frequently Asked Questions (FAQs)

Question: Do I need both Safe Links and Mimecast for email security?

Answer: Safe Links and Mimecast are both email security services that can protect your organization from online threats. However, they may have different features and capabilities, and they may not work well together. For example, Mimecast may modify the links in emails, which may cause Safe Links to block them. Therefore, you may want to choose one service over the other, or configure them to work together harmoniously.

Question: How can I test if Safe Links is working properly?

Answer: You can test if Safe Links is working properly by sending yourself an email that contains a link to a known malicious URL, such as https://testsafebrowsing.appspot.com/. If Safe Links is working properly, you should see a warning page when you click on the link. If Safe Links is not working properly, you should see the original website or an error message.

Question: How can I troubleshoot Safe Links issues?

Answer: If you encounter any issues with Safe Links, such as false positives or false negatives, you can troubleshoot them by:

Checking the Safe Links policy settings and making sure they are correct and up to date.
Checking the Safe Links reports and logs in the Microsoft 365 admin center or the Microsoft 365 security center.
Contacting Microsoft support for further assistance.

Summary

In this article, we have learned how to fix Outlook 365 Safe Links blocking legitimate emails in a Windows Server 2016 terminal server environment. We have explained what Safe Links are, why they may block legitimate emails, and how to fix this issue by configuring Safe Links policies in Microsoft Defender for Office 365. We hope this article has been helpful and informative for you.

Disclaimer: This article is for informational purposes only and does not constitute professional advice. Please consult your IT administrator or Microsoft support before making any changes to your email security settings. We are not responsible for any damages or losses that may result from following this article.