| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| DEF-SLNK-E3 | Safe Links | detect | significant | T1204 | User Execution |
Comments
Microsoft Defender for O365 Safe Links scanning protects your organization from malicious links that are used in phishing and other attacks. Safe Links provides URL scanning and rewriting of inbound email messages during mail flow, and time-of-click verification of URLs and links in email messages, Teams, and supported Office 365 apps.
Safe Links Detects User Execution attacks due to Safe Links immediately checking the URL's before opening the websites. If the URL points to a website that has been determined to be malicious, a malicious website warning page opens.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2, Microsoft Defender XDR
References
|
| DEF-SLNK-E3 | Safe Links | detect | significant | T1204.001 | Malicious Link |
Comments
Microsoft Defender for O365 Safe Links scanning protects your organization from malicious links that are used in phishing and other attacks. Safe Links provides URL scanning and rewriting of inbound email messages during mail flow, and time-of-click verification of URLs and links in email messages, Teams, and supported Office 365 apps.
Safe Links Detects Malicious Links attacks due to Safe Links immediately checking the URL's before opening the websites. If the URL points to a website that has been determined to be malicious, a malicious website warning page opens.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2, Microsoft Defender XDR
References
|
| DEF-SLNK-E3 | Safe Links | detect | significant | T1204.003 | Malicious Image |
Comments
M365's Safe Attachments is a feature that provides advanced email security by scanning attachments for malicious content and using a virtual environment to check for malicious actions in a process known as detonation. Safe Attachments for SharePoint, OneDrive, and Microsoft Teams operates in real-time to detect against emerging threats. If a suspicious file is identified, this file can be quarantined or blocked access to prevent potential harm.
License requirements:
Mirosoft 365 E5, Defender for Office Plan 1, Microsoft 365 E3 with ATP add-on
References
|
| DEF-SLNK-E3 | Safe Links | detect | significant | T1534 | Internal Spearphishing |
Comments
Microsoft Defender for O365 Safe Links scanning protects your organization from malicious links that are used in phishing and other attacks. Safe Links provides URL scanning and rewriting of inbound email messages during mail flow, and time-of-click verification of URLs and links in email messages, Teams, and supported Office 365 apps.
Safe Links Detects Internal Spearphishing attacks due to Safe Links immediately checking the URL's before opening the websites. You can add entries to the existing policies or configure different lists in different Safe Links policies to determine if certain websites are necessary for business operations. If the URL points to a website that has been identified as a phishing attack, a Phishing attempt warning page will open.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2, Microsoft Defender XDR
References
|
| DEF-SLNK-E3 | Safe Links | detect | significant | T1566 | Phishing |
Comments
Microsoft Defender for O365 Safe Links scanning protects your organization from malicious links that are used in phishing and other attacks. Safe Links provides URL scanning and rewriting of inbound email messages during mail flow, and time-of-click verification of URLs and links in email messages, Teams, and supported Office 365 apps.
Safe Links Detects Phishing attacks due to Safe Links immediately checking the URL's before opening the websites. If the URL points to a website that has been identified as a phishing attack, a Phishing attempt warning page will open.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2, Microsoft Defender XDR
References
|
| DEF-SLNK-E3 | Safe Links | detect | significant | T1566.002 | Spearphishing Link |
Comments
Microsoft Defender for O365 Safe Links scanning protects your organization from malicious links that are used in phishing and other attacks. Safe Links provides URL scanning and rewriting of inbound email messages during mail flow, and time-of-click verification of URLs and links in email messages, Teams, and supported Office 365 apps.
Safe Links Detects Spearphishing attacks due to Safe Links immediately checking the URL's before opening the websites. You can add entries to the existing policies or configure different lists in different Safe Links policies to determine if certain websites are necessary for business operations. If the URL points to a website that has been identified as a phishing attack, a Phishing attempt warning page will open.
License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2, Microsoft Defender XDR
References
|