CISA.MS.EXO.15.1 - URL comparison with a block-list SHOULD be enabled.
Overviewβ
URL comparison with a block-list SHOULD be enabled.
Rationale: Users may be directed to malicious websites via links in email. Blocking access to known, malicious URLs can prevent users from accessing known malicious websites.
Remediation action:β
- Sign in to Microsoft 365 Defender.
- In the left-hand menu, go to Email & Collaboration > Policies & Rules.
- Select Threat Policies.
- From the Templated policies section, select Preset Security Policies.
- Under either Standard protection or Strict protection, select Manage protection settings.
- Select Next until you reach the Apply Defender for Office 365 protection page.
- On the Apply Defender for Office 365 protection page, select All recipients.
- (Optional) Under Exclude these recipients, add Users and Groups to be exempted from the preset policies.
- Select Next on each page until the Review and confirm your changes page.
- On the Review and confirm your changes page, select Confirm.
Related linksβ
- Defender admin center - Preset security policies
- CISA 15 Link Protection - MS.EXO.15.1
- CISA ScubaGear Rego Reference
Test Metadataβ
| Field | Value |
|---|---|
| Test ID | CISA.MS.EXO.15.1 |
| Severity | Medium |
| Suite | CISA |
| Category | exchange |
| PowerShell test | Test-MtCisaSafeLink |
| Tags | CISA, CISA.MS.EXO.15.1, MS.EXO, MS.EXO.15.1 |
Sourceβ
- Pester test:
tests/cisa/exchange/Test-MtCisaSafeLink.Tests.ps1 - PowerShell source:
powershell/public/cisa/exchange/Test-MtCisaSafeLink.ps1