Auditing Safe Links Policies in Exchange Online with PowerShell
Auditing Safe Links Policies in Exchange Online with PowerShell
Section titled “Auditing Safe Links Policies in Exchange Online with PowerShell”Overview
Section titled “Overview”Protecting your organization from phishing attacks and malicious links is crucial, and Exchange Online’s Safe Links feature plays a key role in this defense. However, it’s important to ensure that Safe Links policies are correctly configured and applied across all necessary domains.
This article provides a step-by-step guide on how to use PowerShell to audit Safe Links policies in Exchange Online. The script checks if these policies are applied to all domains, helping administrators maintain consistent protection across their entire organization.
Key Security Features
Section titled “Key Security Features”| Feature | Capability | Business Value |
|---|---|---|
| Policy Coverage Analysis | Verifies Safe Links policies apply to all domains | Ensures comprehensive phishing protection across the organization |
| Automated Auditing | Systematically checks all Safe Links configurations | Reduces manual review time and human error |
| Compliance Reporting | Exports results to CSV for documentation | Facilitates security audits and compliance verification |
| Domain Coverage Validation | Identifies gaps in policy application | Prevents security blind spots in specific domains |
Implementation Script
Section titled “Implementation Script”# Connect to Exchange OnlineConnect-ExchangeOnline
# Get all Safe Links policies$safeLinksPolicies = Get-SafeLinksPolicy
# Function to check if Safe Links policies are applied to all domainsfunction Check-SafeLinksPolicy { param ( [string]$policyName )
# Get the details of the specific Safe Links policy $policy = Get-SafeLinksPolicy -Identity $policyName
# Check if the policy is applied to all domains $appliedToAllDomains = $true
if ($policy.DomainsIncluded.Count -eq 0 -and $policy.DomainsExcluded.Count -eq 0) { $appliedToAllDomains = $true } else { $appliedToAllDomains = $false }
return $appliedToAllDomains}
# Prepare an array to hold the policy check results$policyCheckResults = @()
foreach ($policy in $safeLinksPolicies) { $policyName = $policy.Name $isAppliedToAllDomains = Check-SafeLinksPolicy -policyName $policyName
$policyCheckResults += [PSCustomObject]@{ PolicyName = $policyName AppliedToAllDomains = $isAppliedToAllDomains }}
# Display the policy check results$policyCheckResults | Format-Table -AutoSize
# Optionally export to CSV$policyCheckResults | Export-Csv -Path "SafeLinksPolicyCheckResults.csv" -NoTypeInformationWrite-Output "Safe Links policy check results exported to SafeLinksPolicyCheckResults.csv"
# Disconnect from Exchange OnlineDisconnect-ExchangeOnline -Confirm:$falseSecurity Best Practices
Section titled “Security Best Practices”Critical Recommendation: Ensure Safe Links policies are applied to all domains to maintain consistent phishing protection across your entire organization.
Interpretation Guide
Section titled “Interpretation Guide”- AppliedToAllDomains = True: Policy provides comprehensive coverage
- AppliedToAllDomains = False: Policy has domain-specific limitations that may create security gaps
Use the CSV export to track policy compliance over time and identify trends in your security configuration management.