M365 Changelog: (Updated) Safe Links Global Settings Migrated to Custom Policies

MC342072 – Updated June 28, 2022: As a reminder within the next week Microsoft will begin enforcing the policy settings for “Use Safe Links in Office 365 Apps”, “Track Clicks”, and “AllowClickThrough” as you have it configured in the custom policies under Safe Links.

Beginning in June Microsoft will begin enforcing the policy settings for “Use Safe Links in Office 365 Apps”, “Track Clicks”, and “AllowClickThrough” as you have it configured in the custom policies under Safe Links. If you have already reviewed your custom policies and made configuration changes no action is required. As a reminder the default value for this policy is “On” and any users, domains, or groups specified under a policy will be covered. Part of this change will include deprecating the “Use Safe Links in Office 365 Apps” and subsequent settings from the Global Settings menu.

Customers that have “Use Safe Links in Office 365 Apps” turned on, will need to create a custom policy in order to maintain safe links protections in Office 365 Apps. This change was planned to be deployed in conjunction with the completion of the Built-In Protection. However, the two changes will reach customers at differing times. Beginning mid-April tenants will see the policy setting Use Safe Links in Office 365 Apps in both the Global Settings menu and Custom Policy. As a reminder in the future tenants will not be able to manage this setting in the Global Settings menu.

Only the policy setting “Use Safe Links in Office 365 Apps” configured in the Global Setting menu will be enforced at this time. Another update will be sent prior to removing the policy setting from the Global Setting menu.”

To create a more consistent user experience across all policies in Microsoft Defender for Office portal the following Safe Links policy attributes will be migrated from the Global Settings flyout to the custom policy settings.

Note: Use Safe Links in Office 365 Apps

• Do Not Track when users click protected links in Office 365 Apps
• Do not let users click through the Original URL in Office 365 Apps

When this will happen:

Microsoft will begin rolling this out in early May and expect to complete rollout late June. 

How this will affect your organization:

For already existing user scoped properties (Track Clicks and Allow Click Through), this change will not override user scoped settings with current tenant wide settings. This means these values will not change for any existing custom policies.

For customers that have “Use Safe Links in Office 365 Apps” turned on, after the migration this tenant level setting will be enabled by default as part of built-in protection for all users, groups, or domains not named as part of a custom policy. Customers can manage the properties “EnableSafeLinksforOffice”, “Track Clicks”, and “Allow Click Through” in custom policies going forward.

What you need to do to prepare:

You might want to notify your users about this change and update your training and documentation as appropriate. 

Learn more:

• Preset security policies in EOP and Microsoft Defender for Office 365
• Safe Links in Microsoft Defender for Office 365