Microsoft has announced the integration of Defender for Office 365 SafeLinks with M365 Copilot Chat, providing time-of-click URL protection for hyperlinks in chat responses. This feature is available for users with Microsoft Defender for Office 365 Plan 1 or Plan 2 and requires no additional policy configuration. The rollout is expected to begin in late March 2025 and complete by late May 2025.
Source: M365 Message Center
KQL Query to Check Blocked Links by SafeLinks:
[kql]
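// Table, Operation value and SafeLinksBlocked column are as given in this post;
// confirm they exist in your workspace schema before relying on the result.
let SafeLinksLogs =
    OfficeActivity
    | where Operation == "SafeLinksClick"
    | where SafeLinksBlocked == true
    | project TimeGenerated, UserId, URL, SafeLinksBlocked;
// Rank blocked URLs by how often they were clicked.
SafeLinksLogs
| summarize BlockedCount = count() by URL
| sort by BlockedCount desc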
[/kql]
What Undercode Say:
The integration of Microsoft Defender for Office 365 SafeLinks with M365 Copilot Chat marks a significant advancement in securing AI-driven communication platforms. Because hyperlinks in chat responses are checked at the time of click, users are protected from malicious links in real time, which strengthens the overall security posture of organizations using Microsoft 365. The KQL query above lets administrators monitor and analyze blocked links, giving insight into potential threats and supporting proactive security measures.
In addition to the KQL query, here are some useful commands and practices for enhancing cybersecurity in a Microsoft 365 environment:
1. Enable SafeLinks Policy:
Set-SafeLinksPolicy -Identity "Default" -EnableSafeLinksForTeams $true
2. Check SafeLinks Configuration:
Get-SafeLinksPolicy | fl Identity,EnableSafeLinksForTeams
3. Monitor SafeLinks Logs:
Get-ProtectionAlert -DetailLevel Full | where {$_.AlertType -eq "SafeLinksClick"}
4. Enable Advanced Threat Protection (ATP):
Set-AtpPolicyForO365 -Identity "Default" -EnableATPForSPOTeamsODB $true
5. Check ATP Configuration:
Get-AtpPolicyForO365 | fl Identity,EnableATPForSPOTeamsODB
6. Monitor ATP Alerts:
Get-ProtectionAlert -DetailLevel Full | where {$_.AlertType -eq "ATP"}
7. Enable Multi-Factor Authentication (MFA):
Set-MsolUser -UserPrincipalName "<UserPrincipalName>" -StrongAuthenticationRequirements @{State="Enabled"}
8. Check MFA Status:
Get-MsolUser -UserPrincipalName "<UserPrincipalName>" | fl StrongAuthenticationRequirements
9. Enable Audit Logging:
Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
10. Search Audit Logs:
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) -ResultSize 1000
These commands and practices are essential for maintaining a secure Microsoft 365 environment. By leveraging the integration of SafeLinks with M365 Copilot Chat and utilizing the provided KQL query, organizations can significantly enhance their defense mechanisms against cyber threats. For more detailed information, refer to the M365 Message Center.
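A read-only check of the settings that commands 1, 4 and 9 above turn on, as an added example that is not part of the original post or of Microsoft's tooling. The function name Test-M365LinkProtectionBaseline is hypothetical and the sample objects are constructed so the block runs without a tenant connection.

```powershell
# Added example; Test-M365LinkProtectionBaseline is a hypothetical name.
# It only reads objects and reports gaps, so it can run offline on sample data.
function Test-M365LinkProtectionBaseline {
    param(
        [object[]]$SafeLinksPolicy,  # output of Get-SafeLinksPolicy
        [object[]]$AtpPolicy,        # output of Get-AtpPolicyForO365
        [object[]]$AuditConfig       # output of Get-AdminAuditLogConfig
    )
    # One row per setting: where to look, which flag must be $true, how to fix.
    $checks = @(
        @{ Name = 'Safe Links for Teams'; Objects = $SafeLinksPolicy
           Property = 'EnableSafeLinksForTeams'
           Fix = 'Set-SafeLinksPolicy -EnableSafeLinksForTeams $true' }
        @{ Name = 'ATP for SharePoint/Teams/OneDrive'; Objects = $AtpPolicy
           Property = 'EnableATPForSPOTeamsODB'
           Fix = 'Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true' }
        @{ Name = 'Unified audit log ingestion'; Objects = $AuditConfig
           Property = 'UnifiedAuditLogIngestionEnabled'
           Fix = 'Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true' }
    )
    foreach ($c in $checks) {
        if (-not $c.Objects) {
            # Nothing returned: wrong session, missing role, or no policy.
            [pscustomobject]@{ Check = $c.Name; Object = '(none returned)'
                               Value = $null; Fix = $c.Fix }
            continue
        }
        foreach ($o in $c.Objects) {
            $value = $o.($c.Property)
            # A missing property counts as a gap, same as $false.
            if ($value -ne $true) {
                [pscustomobject]@{ Check = $c.Name; Object = $o.Identity
                                   Value = $value; Fix = $c.Fix }
            }
        }
    }
}

# Constructed sample objects (not real tenant data).
$sl  = [pscustomobject]@{ Identity = 'Default'; EnableSafeLinksForTeams = $false }
$atp = [pscustomobject]@{ Identity = 'Default'; EnableATPForSPOTeamsODB = $true }
$aud = [pscustomobject]@{ Identity = 'Sample audit config'; UnifiedAuditLogIngestionEnabled = $false }
Test-M365LinkProtectionBaseline -SafeLinksPolicy $sl -AtpPolicy $atp -AuditConfig $aud |
    Format-Table -AutoSize

# Live use, from an Exchange Online PowerShell session (in Security & Compliance
# PowerShell, UnifiedAuditLogIngestionEnabled always reads False):
# Test-M365LinkProtectionBaseline -SafeLinksPolicy (Get-SafeLinksPolicy) `
#     -AtpPolicy (Get-AtpPolicyForO365) -AuditConfig (Get-AdminAuditLogConfig)
```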


