Articles on: Workspace Configuration
This article is also available in:

Microsoft Defender strict safe links spam/malicious detections

Microsoft Defender strict safe links spam/malicious detections

When the "strict" safe links policy is activated in Microsoft 365, our emails and links in our emails (e.g. invite mails, work reminders, ...) are wrongly classified as malicious/spam which results in emails not even arriving in the user mailbox, but instead going into the Microsoft Defender quarantaine. When these mails are then released from quarantaine, and the user clicks on a link, they get a false message caused by Microsoft safe links, that our website is considered as malicious.


We are actively working with Microsoft to permanently solve this misclassification. In the meanwhile this article describes what can be done to avoid this behaviour by whitelisting our domain.


This documentation contains 2 key sections, please do them in this order to avoid people getting "Malicious website" message when they click on the link:

  • Configure a temporary URL whitelist rule for your tenant
  • Release blocked mails from Microsoft 365 quarantaine


Configure a temporary URL whitelist rule for your tenant


  1. As a Microsoft 365 system administrator, go to security.microsoft.com
  2. Open Investigation & response > Actions & Submissions > Submissions (https://security.microsoft.com/reportsubmission ) and click "Submit to Microsoft for analysis"

  1. On the side screen, select URL as submission type with "https://my.brainframe.com" as URL, and select "I've confirmed it's clean" and click Next

  1. Now check the "Allow this URL", and keep the default "45 days after last used date", which is the maximum you can configure.


  1. This will result in a whitelist of our application domain, which you can check on Email & Collaboration > Policies & Rules > Threat Policies > Tenant Allow/Block rules > URLs tab https://security.microsoft.com/tenantAllowBlockList



Release blocked mails from Microsoft 365 quarantaine


Mails that are blocked in quarantaine due to the strict safe link policy can manually be accepted and sent to the user mail box:

  1. Go to https://security.microsoft.com/quarantine
  2. Search for Brainframe and check the emails to be released
  3. Click release



Full details: https://learn.microsoft.com/en-us/defender-office-365/quarantine-end-user



  1. People will now receive the emails, and be able to click on the links in our emails





Updated on: 20/09/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!