MS-102 – Manage Safe Links

1. What is the primary purpose of Safe Links?

Protect users from malicious URLs at time of click

Block all external email messages

Replace email attachments automatically

Safe Links verifies URLs when users click them.

2. When does Safe Links check a URL?

At the time the user clicks the link

Only during mail delivery

Only during antivirus scans

Safe Links performs time-of-click verification.

3. What happens to URLs in email messages protected by Safe Links?

They are rewritten using a Safe Links URL prefix

They are removed from the message

They are encrypted only

Safe Links rewrites URLs to route users through protection.

4. Does Microsoft Defender for Office 365 include a default Safe Links policy?

No, protection comes from the Built-in preset policy

Yes, it is always enabled by default

Only for Exchange Online users

There is no default policy; Built-in protection applies.

5. Which Safe Links setting ensures URLs are scanned even if not rewritten?

Do not rewrite URLs, do checks via SafeLinks API only

Apply real-time URL scanning

Wait for URL scanning to complete

This setting scans URLs without wrapping them.

6. Safe Links protection is available in which locations?

Email, Microsoft Teams, and Office apps

Email only

Teams only

Safe Links protects email, Teams, and supported Office apps.

7. Which URL formats are supported by Safe Links?

HTTP, HTTPS, and FTP

SMTP and POP3

S/MIME URLs

Safe Links supports HTTP(S) and FTP formats only.

8. Does Safe Links rewrite SharePoint and OneDrive URLs?

No, but the URLs are still scanned

Yes, always rewritten

They are ignored completely

URLs aren’t rewritten but are still processed.

9. Which role can manage Safe Links policies?

Security Administrator or Organization Management

Reports Reader

Helpdesk Administrator

Only security and org management roles can manage policies.

10. In PowerShell, what must be created FIRST?

Safe Links policy

Safe Links rule

Transport rule

A rule must reference an existing policy.

11. Why might a Safe Links policy created in PowerShell not appear in Defender?

The policy wasn’t assigned to a Safe Links rule

PowerShell failed to sync

The policy name was incorrect

Policies appear only after being linked to a rule.

12. How can an organization bypass Safe Links scanning?

Create a transport rule that skips Safe Links processing

Disable EOP

Turn off URL rewriting only

Mail flow rules can bypass Safe Links.

13. Which header bypasses Safe Links scanning?

X-MS-Exchange-Organization-SkipSafeLinksProcessing

X-MS-Bypass-Links

X-Defender-Skip-URL

This header disables Safe Links processing.

14. What happens when a malicious URL is clicked?

A warning page is shown to the user

The browser opens the site normally

The email is deleted

Safe Links blocks access and displays warnings.

15. URL detonation is used when:

A link points to a downloadable malicious file

An attachment is encrypted

A message is internal only

URL detonation scans linked files in a sandbox.