This document describes how to add the phishing domains used by the SoSafe Phishing Simulation to a policy for the Microsoft Defender for Microsoft 365 that prevents your users from seeing the following warning screen in the browser:


Ein Bild, das Text enthält.

Automatisch generierte Beschreibung


Please note that depending on the scope of the license you have purchased, access to these settings in the Microsoft Defender is not possible. For more information on this topic, please contact your Microsoft Support.


1. First, please go to https://www.office.com/apps?auth=2&home=1 and switch in "Office 365" tab to "Security".



A new tab of Microsoft 365 Defender will open.


2. Click on "Policies and rules" and then on “Threat policies”. Under the Threat policies click on “Safe Links”.


Ein Bild, das Text enthält.

Automatisch generierte Beschreibung


The window for editing safe links opens.


3. Click on "Create" to add a new safe links policy.


Ein Bild, das Text enthält.

Automatisch generierte Beschreibung

 

4. Name your policy and give it, if necessary, a description.


Ein Bild, das Text enthält.

Automatisch generierte Beschreibung

5. In the "Users and domains" tab, select the domain of your organization as the recipient domain.


6. In the protection settings, select “Safe Links checks a list of known, malicious links when users click in email. URLs are rewritten by default.”.




7. Next click on Manage 0 URLs. 



Now you can define all URLs for the new policy, which are listed in the SoSafe Manager under Simulation > Whitelisting > List of used domains in the phishing links. The format of the domain should always match the format https://domain/* (e.g., https://learning.sosafe.de/*).