Office 365 Safe Links: Advanced Threat Protection

Owned by Former user (Deleted)
Last updated: May 05, 2022 by Ashley Mattingly
2 min read

Links in incoming emails are processed by Office 365 Advanced Threat Protection (ATP). ATP helps scan for malicious and suspicious content , thereby providing better spam and malware protection for email and other Office 365 services. The links are scanned in real time, thereby determining if it is a phishing link that contains harmful data. All links that has been scanned is rewritten into a URL that is in the format 'https://na01.safelinks.protection.outlook.com/'.

Safe Links Identification

When the URL is hovered over in the email, it will display the original URL. But once clicked through it will route to the new rewritten ATP URL. In Google Workspace, the rewritten link can be visible in the bottom left corner of the browser once hovered. Please note that, in plain text emails, the rewritten longer URL will be displayed as a three to four line URL in the body of the email. Hence, it is essential to use HTML format to send emails so that the original URL can be seen instead of the rewritten URL.

If the URL is not identified as suspicious, it will seamlessly redirect you to the original destination URL.

Please note that links and hyperlinks in emails should always be treated with caution especially in the case where you are asked to provide any sensitive information like a username or password.

Once the URL is clicked, it will redirect to an ATP link as shown below and then proceed to the URL if it is determined as safe:

If you receive a plain-text email, you will see the rewritten URL directly in the message body. You can use a URL decoder to convert it to the original URL.


Unsafe Links Identification

If the URL is scanned and detected as unsafe, the redirected URL will proceed to the block page as shown below.

 

Related Articles