PowerShell Script for Safe Links Configuration in Microsoft 365
Overview
This PowerShell script configures Microsoft 365 to ensure CyberHoot phishing simulation emails are delivered correctly while keeping all real security protections fully enabled.
It addresses two required configurations:
Prerequisites
System Requirements
Permissions
PowerShell Module
Quick Start
Step 1: Download and Save the Script
Step 2: Run the Script
Windows
Step 3: Authenticate
When prompted:
Estimated time: two to five minutes
Step 4: Verify Configuration
Verify Advanced Delivery
Verify Safe Links
Script Modes
Apply Mode (Default)
Applies CyberHoot configuration to the tenant:
.\CyberHoot-M365.ps1 -Mode Apply -Verbose
Validate Mode
Performs a read-only check and reports missing configuration:
.\CyberHoot-M365.ps1 -Mode Validate -Verbose
Sample output:
Validation report:
Advanced Delivery:
Rule exists: False
Missing domains: 5
Missing IP ranges: 4
Safe Links:
Policy exists: False
Missing DoNotRewriteUrls: 5
Rollback Mode
Removes all CyberHoot related configuration:
.\CyberHoot-M365.ps1 -Mode Rollback -Verbose
Important Notes
Frequently Asked Questions
Will this affect existing security policies?
No. Only CyberHoot entries are added. All protections remain active.
Can the script be run multiple times?
Yes. Duplicate entries are not created.
Is this per user?
No. The configuration applies tenant wide.
Required Microsoft licenses?
Microsoft Defender for Office 365 Plan 1 or Plan 2, included with:
How do I remove everything later?
Run Rollback mode:
.\CyberHoot-M365.ps1 -Mode Rollback
Additional Documentation
📘 Complete Setup Guide
https://cyberhoot.com/wp-content/uploads/2026/02/CyberHoot-M365-Setup-Instructions.txt
Last Updated: February 2, 2025
Script Version: 2.0
Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
Researchers went looking for a fake photo upscaler and found something stranger: a ransomware kit an AI model...
Read more
For four years, CyberHoot has argued the same thing on its blog: passwords are major weak link. They get reused,...
Read more
The 2026 FIFA World Cup kicked off on June 11th across the United States, Canada, and Mexico. Six million fans...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.
