1. Log in to the Microsoft Defender Portal:
Visit Microsoft Defender Portal https://security.microsoft.com/
2. Navigate to Safe Links Policies:
Go to Policies & Rules > Threat Policies > Safe Links.
3. Create or Edit a Safe Links Policy:
Click on + Create or edit an existing policy to open the Safe Links policy wizard.
4. Enter Policy Details:
- Provide a Name and Description for the policy.
- Click Next.
5. Specify Users and Domains:
- On the Users and Domains page, define the internal recipients the policy will cover (e.g., all recipients in the accepted domains within your organization).
- Click Next.
6. Manage URLs for Permanent Exception:
- In the URL & Click Protection Settings section, click Manage URLs under the text ‘Do not rewrite the following URLs in email’.
- Click + Add URLs.
7. Add URLs for Permanent Exception:
Enter the following domains:
atpscan.global.hornetsecurity.com
seclinks.cloud-security.net
securelinks.cloud-security.net
atpscan.global.hornetsecurity.com/*
seclinks.cloud-security.net/*
securelinks.cloud-security.net/*
Ensure these URLs are marked for permanent exception.
8. Save and Apply Policy:
- Click Done to return to the URL & Click Protection Settings screen.
- Click Next on the subsequent screens.
- Review your settings and click Submit to save the policy.
Office 365 Basic (Defender not included)
Since Office 365 Basic does not include Microsoft Defender, the process involves submitting URLs to Microsoft for analysis and defining permanent exceptions through the submission portal.
1. Navigate to the Submissions Section:
- Visit Microsoft Defender center (Security) (https://security.microsoft.com/reportsubmission).
2. Open URL Submission Panel:
- Go to the Actions & submissions section.
- Click the URLs tab.
- Click the + Submit to Microsoft for analysis button to open a panel on the right.
3. Submit URLs for Permanent Allowance:
- In the Submit to Microsoft for analysis panel, select URL from the drop-down menu under Select the submission type.
- Enter the following domains:
atpscan.global.hornetsecurity.com
seclinks.cloud-security.net
securelinks.cloud-security.net
- Select I’ve confirmed it’s clean.
- Do not check the box for Remove allow entry after. This will keep the URLs permanently allowed.
- Click Submit to finalize the permanent allowance.
After submission, it may take some time for the policy to apply. During testing, it took around 10 minutes, and according to the Microsoft Knowledge Base, it can take up to 6 hours.
By following these steps, you can ensure that the specified URLs are permanently allowed in your Office 365 environment, whether you are using a premium plan with Microsoft Defender or a basic plan without Defender.
Microsoft Quarantine
We recommend that customers monitor the quarantine queues over the next 24 hours to ensure Microsoft correctly classifies emails.
For more information, refer to: How to manage the M365 Quarantine https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-about?view=o365-worldwide.