Most people think cybersecurity is all about firewalls, antivirus software, or the latest scary breach in the news.
But some of the most important protection happens quietly inside your inbox every single day.
Two of the most underrated and misunderstood tools I see in real environments are Safe Links and Safe Attachments.
When they’re configured properly, they stop attacks before users even realize something was wrong.
When they’re not? That’s usually when I get the call.
Why email is still the #1 attack path
Despite all the security tools out there, email is still where attackers win most often. (New Area 1 Security Research Uncovers One Million Ways Attackers Breach Office 365 Email, 2020)Why?
- Users trust email
- Attacks look legitimate
- One click is all it takes
Firewalls can’t help if the threat arrives after the email is already in your inbox. That’s when Safe Links and Safe Attachments become important.
What Safe Links actually does (in plain English)
Safe Links rewrites URLs in emails and checks them when a link is clicked, not just when the email arrives. (Complete Safe Links overview for Microsoft Defender for Office 365, 2023)Why that matters:
- Attackers often send clean links
- Hours later, the same link redirects to malware or credential theft
- Traditional filters miss this completely
Safe Links says:
“Hold on, let me check this link right now before you open it.”
If it’s malicious, the click is blocked instantly.
I’ve seen Safe Links stop:
- Fake Microsoft login pages
- DocuSign lookalikes
- Shipping notices that redirect to credential harvesters
All of this happens without the user needing to be careful.
Safe Attachments: catching threats before they land
Safe Attachments works by detonating attachments in a secure sandbox. (Safe Attachments in Microsoft Defender for Office 365, 2025)Instead of trusting the file extension or sender, it checks:
- What does this file actually do when opened?
If the attachment:
- Drops malware
- Tries to run scripts
- Reaches out to suspicious domains
it never reaches the user’s inbox.
This is huge because modern attacks often use:
- Password-protected ZIP files
- HTML attachments
- Invoice.pdf.html tricks
- Excel files with delayed payloads
Traditional AV misses all of these all the time. (Safe Attachments – NHSmail Support, 2025)
The mistake I see way too often
Here’s the uncomfortable truth:
Many organizations pay for these features but don’t enable them properly. (Safe Attachments and Safe Links Policies - Microsoft Defender for Office 365, 2021)
Common issues I run into:
- Safe Links enabled, but clicks allowed anyway
- Safe Attachments in monitor-only mode
- No user feedback or warning pages
- Exceptions added temporarily and then forgotten
From an attacker’s point of view, that’s perfect.
Do these tools replace training? No, but they buy time.
User awareness is still important.
But expecting humans to beat automation every time isn’t realistic.
Safe Links and Safe Attachments:
- Reduce human error
- Contain damage
- Turn one bad click into a non-event
They’re not flashy.
They don’t get credit.
But they quietly stop incidents that would otherwise become breaches.
Final thought
If your organization uses Microsoft Defender for Office 365 or similar email security tools, and you’re not sure how Safe Links or Safe Attachments are configured, it’s worth checking today.
Because the best security wins are the ones nobody ever hears about.
Written by Jaspreet Singh — Microsoft identity & security practitioner. Author at ITBlogs.ca. Lab notes and testing at f11.ca.
References
(October 21, 2020). New Area 1 Security Research Uncovers One Million Ways Attackers Breach Office 365 Email. PR Newswire. https://www.prnewswire.com/news-releases/new-area-1-security-research-uncovers-one-million-ways-attackers-breach-office-365-email-301157025.html
(2023). Complete Safe Links overview for Microsoft Defender for Office 365. Microsoft Defender for Office 365 | Microsoft Learn. https://learn.microsoft.com/en-us/defender-office-365/safe-links-about
(2025). Safe Attachments in Microsoft Defender for Office 365. Microsoft Learn. https://learn.microsoft.com/en-us/defender-office-365/safe-attachments-about
(2025). Safe Attachments – NHSmail Support. NHSmail Support. https://support.nhs.net/knowledge-base/safe-attachments/
(June 29, 2021). Safe Attachments and Safe Links Policies - Microsoft Defender for Office 365. YouTube video. https://www.youtube.com/watch?v=FShnxj55sP8