This document describes how to add the phishing domains used by the SoSafe Phishing Simulation to a Microsoft Defender for Microsoft 365 policy that prevents your users from seeing the following warning screen in the browser:


Ein Bild, das Text enthält.

Automatisch generierte Beschreibung


Please note that depending on the scope of the license you have purchased, access to these settings in the Microsoft Defender may not be possible. For more information on this topic, please contact Microsoft Support.


1. First, please go to https://www.office.com/apps?auth=2&home=1 and, in the "Office 365" tab, select "Security".



A new tab of Microsoft 365 Defender will open.


2. Click on "Policies and rules" and then on “Threat policies”. Under "Threat policies" click on “Safe Links”.


Ein Bild, das Text enthält.

Automatisch generierte Beschreibung


The window for editing safe links opens.


3. Click on "Create" to add a new safe links policy.


Ein Bild, das Text enthält.

Automatisch generierte Beschreibung

 

4. Name your policy and give it, if necessary, a description.


Ein Bild, das Text enthält.

Automatisch generierte Beschreibung

5. In the "Users and domains" tab, select your organization’s domain as the recipient domain.


6. In the protection settings, select “Safe Links checks a list of known, malicious links when users click links in email. URLs are rewritten by default.”.




7. Next click on "Manage 0 URLs". 



Now you can define all URLs for the new policy, which are listed in the SoSafe Manager under Simulation > Whitelisting > List of used domains in the phishing links. The format of the domain should always match the format https://domain/* (e.g., https://learning.sosafe.de/*).