“Safe Even When You Click”
In a phishing mail the URL reads “bugun-kampanya.com” but actually leads to a credential harvesting site. Safe Attachments scans only the attachment, not the link click.
Safe Links: on every click the URL is checked in real time against Microsoft threat intel. If it is malicious, the user gets a “Blocked” page.
Quick Fix (TL;DR)
- security.microsoft.com > Threat policies > Safe Links
- Create > “Safe Links — Corp”
- Recipients: All users in firma.com.tr
- URL & click protection: ON
- Apply real-time protection, track user clicks
- Save
10:00 — Policy
Security Portal:
📸 Screenshot 1 — Safe Links
Email & collaboration > Policies > Threat policies > Safe Links > “+ Create” > Name: “Safe Links — Corp”
Next → Recipients:
- Users and domains: firma.com.tr
- (Exception group is optional)
10:05 — URL & Click Protection
📸 Screenshot 2 — Protection settings
Email:
☑ On: Safe Links checks a list of known, malicious links when users click
☑ Apply Safe Links to email messages sent within the organization
☑ Apply real-time URL scanning for suspicious links and links that point to files
☑ Wait for URL scanning to complete before delivering the message
Teams:
☑ Safe Links in Microsoft Teams
Office 365 apps:
☑ Safe Links protection for Office
Click protection settings:
☑ Track user clicks
☐ Let users click through to the original URL (uncheck — strict)
Save.
Caution — External Domain Links
You send a link to a partner:
https://firmaniz.com/documents.pdf
Safe Links “sanitizes” this link:
https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffirmaniz.com%2F...
The recipient sees the rewritten URL. Some partners complain about this format.
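To read the real destination behind a rewritten link (for a partner ticket or a click report), the wrapper can be decoded offline. This is an added example, not part of the original guide or of any Microsoft tool; the sample message body, the lookalike host and the extra query parameters are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Host suffix of Safe Links wrappers, as in the rewritten URL shown above.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def is_safelinks_wrapper(url: str) -> bool:
    """True only when the host really ends with the Safe Links suffix."""
    host = (urlsplit(url).hostname or "").lower()
    return host.endswith(SAFELINKS_SUFFIX)


def unwrap(url: str, max_depth: int = 5) -> str:
    """Return the original destination of a Safe Links URL.

    Forwarded mail can be wrapped more than once, so unwrap repeatedly.
    URLs that are not wrappers are returned unchanged.
    """
    for _ in range(max_depth):
        if not is_safelinks_wrapper(url):
            break
        inner = parse_qs(urlsplit(url).query).get("url")
        if not inner:      # wrapper without a url= parameter: leave as is
            break
        url = inner[0]     # parse_qs already percent-decodes the value
    return url


def original_hosts(text: str) -> list:
    """Hosts of the real destinations for every URL found in a message body."""
    return [urlsplit(unwrap(u)).hostname for u in URL_RE.findall(text)]


# Constructed sample body: one wrapped link, one lookalike host, one plain link.
SAMPLE = (
    "Report: https://eur05.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Ffirmaniz.com%2Fdocuments.pdf&data=05&reserved=0\n"
    "Fake: https://safelinks.protection.outlook.com.example.net/"
    "?url=https%3A%2F%2Ffirmaniz.com\n"
    "Plain: https://partner-api.com/v1/status\n"
)

if __name__ == "__main__":
    for host in original_hosts(SAMPLE):
        print(host)
```

The lookalike host is deliberately not unwrapped: a domain that only contains the Safe Links name is reported as its own destination, which is what a reviewer needs to see.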
Whitelisted URLs
Security Portal > Safe Links > Policy > URLs to not rewrite
Add: firmaniz.com
partner-api.com
These domains are not rewritten; links to them are sent as-is.
User Click Tracking
Defender > Reports > Threat protection status > URL click:
- Who clicked which link
- Result: Allowed / Blocked
- Phishing trend analysis
KVKK: In some countries user click tracking counts as “personal data”; state it in the privacy notice.
Test
Send yourself a mail containing:
https://spamlink.testcategory.com
Click → a Safe Links page similar to url-safe.protection.outlook.com → scan → “This site is suspicious” warning.