What is ATP Safe Links?

ATP Safe Links is part of Microsoft Advanced Threat Protection (ATP). This feature rewrites every URL found in an incoming email in order to redirect users through a Microsoft proxy server which checks at the time of click if the URL is safe to view.

When a URL in an email or Microsoft Office Online document is clicked, Safe Links performs a scan to determine if the hyperlink is malicious. Safe Links also scans any documents available on that link at the time of click to prevent malicious file downloads to your system.  

If the link is determined to be safe to view, you will proceed as expected; if the link is determined to contain malicious content, your are redirected to a warning page instead. 

Only incoming links are rewritten. When a user writes an email to an external party, the URLs in that message are not rewritten.

What are the benefits of ATP Safe Links?

What does ATP Safe Links look like? 

The hyperlink in every email that you receive will be rewritten and appear differently than they are currently displayed. Here is an example of a URL rewritten with ATP Safe Links

google.ie 

If messages are sent in Plain Text format, the full link will be shown in the message.

https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoogle.ie%2F&data=02%7C01%7C%7C694fab8f3de14299faa408d811f7de8a%7C766317cbe9484e5f8cecdabc8e2fd5da%7C0%7C0%7C637279103567722865&sdata=z%2FoczEPt7M1RL%2B4B2kkY%2B8XacrSoOJy%2BTGlOrn0TUQ0%3D&reserved=0 

The highlighted sections include: 

  1. na01.safelinks.protection.outlook.com/  - the Microsoft ATP proxy server 
  2. url=https%3A%2F%2Fgoogle.ie%2F& the destination web address, address ends just before &data

When you click on one of these links and the webpage is deemed malicious, you will see a warning message that prompts you to navigate away from the site.

What do I do if I see a phishing email in my inbox?

When you see a suspicious email you can use the "Report Message Feature" in Outlook and Exchange Online (preferred method) or forward the message to abuse@tudubllin.ie this is a monitored email address. When IT Services identifies a URL that is malicious, they can put the URL in a block list.

What do I do if I am blocked from accessing a legitimate website?

Contact the IT Support Centre on your campus to report any false positives, a white list is available to help manage URLs that should not be scanned.