Overview
Safe Links Protection is enabled for all NHSmail accounts to protect and enhance the security of the platform. Safe Links is part of Microsoft Defender for Office 365 and identifies and blocks malicious web addresses received by NHSmail accounts.
The below guidance is for NHSmail users and Local Administrators who wish to understand more about how this functionality works.
Scope
Safe Links will cover all emails from external to nhs.net accounts and nhs.net to nhs.net accounts.
Emails sent from nhs.net accounts to external accounts are not covered by Safe Links.
How Safe Links works
Safe Links provides time-of-click protection by scanning web addresses in received emails at the point at which they are clicked. In the background web addresses are rewritten but when users hover over the web address they will see the words “Original URL” along with the original web address displayed.
If you receive a forwarded email which includes a URL Safe Links will scan this web address. If you hover over the link however, the web addresses may be shown with a prefix such as: ‘https://gbr01.safelinks.protection.outlook.com’
When clicking a web address a user may see the scan briefly take place using the rewritten link as shown.
If you receive an email from a high-send account such as an application account, Safe Links will rewrite the web address within the body of the email and display the original web address with a prefix such as ‘https://gbr01.safelinks.protection.outlook.com’. This is expected behaviour. See example.
If Safe Links has completed the scanning of the web address or link and has found potentially malicious content, users will be presented with the notification shown below informing them that their access to the link destination is blocked. Users cannot bypass this notification and continue to the website.
How to request a review of a blocked Web address
If an NHSmail user or Local Administrator would like to request a review of the classification of a web address as malicious, as they believe this has been classified incorrectly (known as a false positive), they should contact helpdesk@nhs.net using the template below. If the below template is not used, the Helpdesk will close the ticket.
FAQs
All existing email security features will remain active and in place. Safe Links has been added to your mailbox to build on and enhance existing security features.
You should continue to be aware of any malicious emails, links or attachments and only interact with content which you reasonably believe to be safe. For further information on the email security best practices which all NHSmail users should be adhering to please see this section of the NHSmail Support Site.
The licences which enable Safe Links for each NHSmail user’s mailbox are applied centrally. Local Administrators are not required to apply these licences.
Safe Links will have no impact on how you send web addresses to others via email and you can continue to do this as normal. Safe Links scans received emails only.
If an NHSmail user or Local Administrator would like to request a review of the classification of a URL as malicious as they believe this has been classified incorrectly (known as a false positive), they should contact helpdesk@nhs.net using the template outlined above in this article.
Requests are submitted by the NHSmail helpdesk directly to Microsoft for review. Typically, an analysis of the URL takes 24-48 hours so please continue to attempt access throughout this period.
Note: The time it takes for Microsoft to analyse a link may vary and this time period is indicative only.
If after submitting a request for Microsoft to analyse the blocked URL via the NHSmail helpdesk you are still unable to reach the location after 2 days, please raise an escalation directly to feedback@nhs.net. It is rare that following Microsoft investigation that a legitimate URL would remain blocked.
If you believe you have received a suspicious link within an email that has not been blocked, please report this by following the guidance here.
Safe Links cannot be disabled as it is a feature which is enabled and managed centrally. Neither NHSmail users nor Local Administrators can disable Safe Links. If you believe that Safe Links is causing issues in your use of NHSmail, please raise a ticket with helpdesk@nhs.net.
The web addresses which are blocked as part of Safe Links are determined by Microsoft and cannot be changed. However, if you believe a blocked URL has been incorrectly classified, you should report this to helpdesk@nhs.net using the template outlined above in this article.
Newly created application accounts will have Safe Links applied to them from the 28th October 2022. If your application sends out web addresses, these will be re-written with a Microsoft prefix at the point of click and scanned for malicious content. We recommend that application accounts are monitored regularly to ensure they are functioning as expected.
Last Reviewed Date | 01/11/2022 |