Office 365 Advanced Threat Protection 101: ATP
Safe Links Policies

Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe Links

Previously, in Part 2 of this Office 365 Advanced Threat Protection 101 article series, we explored how to create ATP Safe Attachment policies and how to enable ATP protection to files in SharePoint Online, OneDrive for Business, and Microsoft Teams. Now, in this final article in our series, we will explore ATP Safe Links, which can help protect your organization by providing verification of URLs in email messages and Office documents.

With ATP Safe Links enabled, if a user clicks on a link in an email and the URL has been blocked by your organization’s custom blocked URL list or if the URL is determined to be malicious, then a warning page opens. I won’t be going into much detail about how ATP Safe Links works, as Microsoft has written a good article here.

Like the other ATP features, you’ll need to define a policy to control how ATP Safe Links protects your users.

Creating Your First ATP Safe Links Policy

Like ATP Safe Attachments, there is a default ATP Safe Links policy enabled when you purchase ATP. This default policy only offers basic protection. In this section, I’ll show you how to create a custom ATP Safe Links policy that applies to your primary mail domain and applies Safe Links to e-mails received from outside your organization and e-mails sent within the organization.

In this scenario, we’ll be creating a policy that does the following:

  • Applies to the imaginet.com domain
  • URLS are checked when a user clicks on a link
  • Apply safe links to messages sent within the organization
  • Prevent user from proceeding to unsafe URLs

Similar to my previous article on ATP Safe Attachments Policies, we’ll want to head over to the Office 365 Security & Compliance Center and go to Threat Management, then go to Policy in the side navigation bar. Then click on the ATP Safe Links tile.

Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe Links

At the Safe Links page, click on the Add button under the “Policies that apply to specific recipients” heading.

Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe Links

The new safe links policy window will open. Specify a name and description for your Safe Links policy.

Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe Links

Now, we’ll enable the following:

  • On-URLs will be rewritten and checked against a list of known mailicious links when user clicks on the link.
  • Use Safe attachments to scan downloadable content.
  • Apply Safe links to messages sent within the organization.
  • Do not let users click through safe links to original URL.
Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe Links

If you have URLS you wish not to be rewritten, enter them here, and they will be excluded from the URL rewrite. In this scenario, I’ll be leaving this blank so all links are rewritten and scanned using safe links.

Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe Links

Lastly, we’ll apply this policy to the recipient domain imaginet.com.

Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe Links

Review these settings, and then click Save to create your first ATP Safe links policy.

How Does This Impact My Users?

With your ATP Safe Links policy turned on, users may notice that hyperlinks in e-mails they receive will contain a slightly longer URL when they hover a link.

O365

Clicking the link firsts takes you to https://na01.safelinks.protection.outlook.com but then immediately redirects you to the actual URL. If the URL has been scanned and has been determined to be safe, then you will be redirected to the original URL.

However, if the link is scanned and found to be malicious, you will be presented with this page.

Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe links

ATP Safe Links just adds another layer of security in combination with ATP Anti-Phishing and ATP Safe Attachments to protect you and your users from the threats that seem to just around the corner.

In this scenario, we created a new ATP Safe Links policy and applied it to our primary mail domain; however, I do want to note that these policies should always be tested first prior to deploying them to the entire organization. I would also recommend keeping an eye on the Threat Management Dashboard after you have tested and deployed these policies in case exceptions are needed if there are too many false positives.

Need Help with Your Office 365 Advanced Threat Protection?

If you are looking to get started with Office 365 Advanced Threat Protection (ATP) and would like some professional assistance, just know that Imaginet is here for you. Our Imaginet-certified Office 365 experts can help you with any of your Office 365 initiatives. To find out more, schedule your free consultation call with Imaginet today.

Thank you for reading this post! If you enjoyed it, I encourage you to check out some of our other content on this blog. We have a range of articles on various topics that I think you’ll find interesting. Don’t forget to subscribe to our newsletter to stay updated with all of the latest information on Imaginet’s recent successful projects

discover more

Microsoft Fabric

SQL Saturday Part 2: Learning About Microsoft Fabric 

SQL Saturday Part 2: Learning About Microsoft Fabric   February 29, 2024 I’ve been digging into Microsoft Fabric recently – well overdue, since it was first released about a year ago.…

SQL Saturday

My Trip to SQL Saturday Atlanta (BI Edition): Part 1 

My Trip to SQL Saturday Atlanta (BI Edition): Part 1  February 23, 2024 Recently, I had the opportunity to attend SQL Saturday Atlanta (BI edition), a free annual event for…

Enabling Bitlocker

Enabling BitLocker Encryption with Microsoft Intune 

Enabling BitLocker Encryption with Microsoft Intune   February 15, 2024 In today’s data-driven world, safeguarding sensitive information is paramount, especially with the increase in remote work following the pandemic and the…

Let’s build something amazing together

From concept to handoff, we’d love to learn more about what you are working on.
Send us a message below or call us at 1-800-989-6022.