Safe Links is a feature in Microsoft Defender for Office 365 that provides URL scanning and posts warning messages to users when phishing messages are detected.
 
Customers using this feature might have their users see a message like this upon clicking links included in WSAT phishing simulation emails:



You can add a Mail Flow (Exchange Transport) rule to disable Safe Links for messages sent from Security Awareness Training. This leaves Safe Links enabled for all the other email messages sent to your domains.

Add Mail Flow rule to the Exchange admin center (EAC)
 
Set up a mail flow rule to stop rewriting URLs from emails sent by Webroot’s mail server.

1. Open the Exchange admin center, click here for assistance if needed.
2. In the EAC, go to mail flow > rules, click the Add icon (+), then Create a new rule...
3. Click More options… at the bottom.

4. Provide a Name for the new rule.
5. Add the condition Apply this rule if …
   • ​​Select The Sender and select IP address is in any of these ranges or exactly matches.

6. Add all of the IP addresses for Webroot's email servers, then click OK. The Webroot mail server information is specified in this article.
    
7. Beneath Do the following, click Modify the message properties then Set a Message Header.

8. Click the *Enter text… button to set the message header to the value below. Click OK to continue.
   • X-MS-Exchange-Organization-SkipSafeLinksProcessing to the value 1
      
     Note: Both values are case sensitive.

 

9. Review the settings and once verified, click Save to proceed and complete the process.

Is this article helpful?