IT Configuration Guide

The Issue

Microsoft 365 Safe Links pre-scans URLs in emails for security purposes. This can inadvertently consume one-time login tokens before users click them, causing authentication failures.

URL to Whitelist

Configuration Steps

Option 1: Safe Links Policy

1. Go to Microsoft 365 Defender
2. Navigate to Policies & rules → Threat policies → Safe Links
3. Select your Safe Links policy (or create one if needed)
4. Under URL & click protection settings, find "Do not rewrite the following URLs"
5. Add: https://provider-support.simbryotech.com/api/auth/callback*
6. Save the policy

Option 2: Tenant-wide Allow List

1. Go to Policies & rules → Threat policies → Tenant Allow/Block Lists
2. Select the URLs tab
3. Click Add and enter the URL above
4. Set to Allow

Why This Is Safe

• This URL is our authentication callback endpoint only
• It doesn't host any browsable content
• The wildcard (*) covers only the callback path, not the entire domain