Office 365, Safe Links
The policy regarding Safe Links in Microsoft Team and Office applications will be updated to enhance the security of the Microsoft 365 environment
*** This policy will take effect September 12, 2022.
What is happening?
Safe Links warnings will be activated in Microsoft Teams and Office applications, such as Word, Excel, and PowerPoint. Safe Links scanning can help protect our organization from malicious links that are used in phishing and other attacks.
What does it mean?
The Safe Links feature provides time-of-click verification of URLs and links in files accessed via Teams or Office apps, such as Word, Excel, and PowerPoint. Currently, links in files accessed in Teams or Office 365 can be clicked without warning even if they are deemed malicious. The new Safe Links policy will provide a warning to people if the link they are trying to access is deemed to be malicious.
In Microsoft Teams, the protection will cover one-to-one conversations, group chats, and channel posts. URLs will be checked against a list of known malicious links when the user clicks the link. URLs will not be rewritten. If a link is found to be malicious, users will have the following experiences:
- If the link was clicked in a Teams conversation, group chat, or from channels, the warning page as shown in the screenshot below will appear in the default web browser.
- If the link was clicked from a pinned tab, the warning page will appear in the Teams interface within that tab.
Safe Links protection for Office applications has the following client requirements:
- Microsoft 365 Apps
- Current version of Word, Excel, and PowerPoint on Windows, Mac, or in a web browser
- Office apps on iOS or Android devices
- Visio on Windows
- OneNote in a web browser
- Office applications are configured to use modern authentication
- Users are signed in using their university account
If the URL points to a website that has been determined to be malicious, a malicious website warning page opens.
In some cases, there might be a delay of a few moments before the URL can has completed and users might see this warning:
In some case, there might be an error encountered by Microsoft and users might see this warning: