Windows Defender Safe Links Whitelist

Windows Defender has a program feature called Safe Links.  When turned on, it quarantines and scans any link received to protect the user.  This program modifies the link address which can kill the connection to the client's return.  They can highlight the link in the email, copy it, and paste it into their browser and it will work as expected.  If they receive multiple emails from us over the course of the year, they may want to add an exclusion for our URL to their Safe Links rewrite policy.

To do so, they need to log into their Safelinks policy center:

From here, they will want to create a custom Safe Links policy to allow our URLs through their threat protection unedited.  We have outlined the steps here:


Creating a custom Safe Links policy in the Security & Compliance Center creates the safe links rule and the associated safe links policy at the same time using the same name for both.

  1. In the Security & Compliance Center, go to Threat management > Policy > ATP Safe Links.
  2. On the Safe Links page, click Create.
  3. The New Safe Links policy wizard opens.
  4. On the Name your policy page, configure the following settings:
    • Name: Enter a unique, descriptive name for the policy.
    • Description: Enter an optional description for the policy.
  5. When you're finished, click Next.
  6. On the Settings page that appears, configure the following settings:
    • Do not rewrite the following URLs: Allows access to the specified URLs that would otherwise be blocked by Safe Links.
      • In the box, type the URL or value that you want.
        • Add ** to this box.  The asterisks act as wild cards.
      • Click [ + ].

Once completed, our links will be allowed to pass through Safe Links unedited, which will allow the client to be able to click the link directly in the future for all delivered links through SafeSend Returns.

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request


1 comment
  • After many attempts following the 6 steps above we still could not configure the exclusion, SafeLinks was still rewriting. If this article followed up - can I ask if this have ever worked for anyone?

    Comment actions Permalink

Please sign in to leave a comment.