Articles on: Workspace Configuration
This article is also available in:

Microsoft Defender strict safe links spam/malicious detections

Microsoft Defender strict safe links spam/malicious detections

In some cases, when the “strict” Safe Links policy is enabled in Microsoft 365, legitimate emails and links (for example, invitation emails or work reminders) may be incorrectly classified as malicious or spam. As a result, affected messages might be sent directly to the Microsoft Defender quarantine instead of the user’s inbox.

After such emails are released from quarantine, users might still encounter a false warning from Microsoft Safe Links indicating that the linked website is considered unsafe — even though it is legitimate.

While Microsoft has addressed this behavior, it can reoccur in certain environments or configurations. This article provides steps to prevent and mitigate the issue by whitelisting our domain in Microsoft Defender to ensure emails and links are properly delivered and accessible.


This documentation contains 2 key sections, please do them in this order to avoid people getting "Malicious website" message when they click on the link:

  • Configure a temporary URL whitelist rule for your tenant
  • Release blocked mails from Microsoft 365 quarantaine


Configure a temporary URL whitelist rule for your tenant


  1. As a Microsoft 365 system administrator, go to security.microsoft.com
  2. Open Investigation & response > Actions & Submissions > Submissions (https://security.microsoft.com/reportsubmission ) and click "Submit to Microsoft for analysis"

  1. On the side screen, select URL as submission type with "https://my.brainframe.com" as URL, and select "I've confirmed it's clean" and click Next

  1. Now check the "Allow this URL", and keep the default "45 days after last used date", which is the maximum you can configure.


  1. This will result in a whitelist of our application domain, which you can check on Email & Collaboration > Policies & Rules > Threat Policies > Tenant Allow/Block rules > URLs tab https://security.microsoft.com/tenantAllowBlockList



Release blocked mails from Microsoft 365 quarantaine


Mails that are blocked in quarantaine due to the strict safe link policy can manually be accepted and sent to the user mail box:

  1. Go to https://security.microsoft.com/quarantine
  2. Search for Brainframe and check the emails to be released
  3. Click release



Full details: https://learn.microsoft.com/en-us/defender-office-365/quarantine-end-user



  1. People will now receive the emails, and be able to click on the links in our emails





Updated on: 17/10/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!