Previously, in Part 2 of this Office 365 Advanced Threat Protection 101 article series, we explored how to create an ATP Safe Attachment policies and how to enable ATP protection to files in SharePoint Online, OneDrive for Business, and Microsoft Teams. Now, in this final article in our series, we will explore ATP Safe Links, which can help protect your organization by providing verification of URLS in email messages and Office documents.
With ATP Safe Links enabled, if a user clicks on a link in an email and the URL has been blocked by your organization’s custom blocked URL list or if the URL is determined to be malicious, then a warning page opens. I won’t be going into much detail how ATP Safe Links works, as Microsoft has written a good article here.
Like the other ATP features, you’ll need to define a policy to control how ATP Safe Links protects your users.
Creating Your First ATP Safe Links Policy
Like ATP Safe Attachments, there is a default ATP Safe Links policy enabled when you purchase ATP. This default policy only offers basic protection. In this section, I’ll show you how to create a custom ATP Safe Links policy that applies to your primary mail domain and applies Safe Links to e-mails received from outside your organization and e-mails sent within the organization.
In this scenario, we’ll be creating a policy that does the following:
- Applies to the imaginet.com domain
- URLS are checked when a user clicks on a link
- Apply safe links to messages sent within the organization
- Prevent user from proceeding to unsafe URLs
Similar to my previous article on ATP Safe Attachments Policies, we’ll want to head over to the Office 365 Security & Compliance Center and go to Threat Management, then go to Policy in the side navigation bar. Then click on the ATP Safe Links tile.
At the Safe Links page, click on the Add button under the “Policies that apply to specific recipients” heading.
The new safe links policy window will open. Specify a name and description for your Safe Links policy.
Now, we’ll enable the following:
- On-URLs will be rewritten and checked against a list of known mailicious links when user clicks on the link.
- Use Safe attachments to scan downloadable content.
- Apply Safe links to messages sent within the organization.
- Do not let users click through safe links to original URL.
If you have URLS you wish not to be rewritten, enter them here, and they will be excluded from the URL rewrite. In this scenario, I’ll be leaving this blank so all links are rewritten and scanned using safe links.
Lastly, we’ll apply this policy to the recipient domain imaginet.com.
Review these settings, and then click Save to create your first ATP Safe links policy.
How Does This Impact My Users?
With your ATP Safe Links policy turned on, users may notice that hyperlinks in e-mails they receive will contain a slightly longer URL when they hover a link.
Clicking the link firsts takes you to https://na01.safelinks.protection.outlook.com but then immediately redirects you to the actual URL. If the URL has been scanned and has been determined to be safe, then you will be redirected to the original URL.
However, if the link is scanned and found to be malicious, you will be presented with this page.
ATP Safe Links just adds another layer of security in combination with ATP Anti-Phishing and ATP Safe Attachments to protect you and your users from the threats that seem to just around the corner.
In this scenario, we created a new ATP Safe Links policy and applied it to our primary mail domain; however, I do want to note that these policies should always be tested first prior to deploying them to the entire organization. I would also recommend keeping an eye on the Threat Management Dashboard after you have tested and deployed these policies in case exceptions are needed if there are too many false positives.
Need Help with Your Office 365 Advanced Threat Protection?
If you are looking to get started with Office 365 Advanced Threat Protection (ATP) and would like some professional assistance, just know that Imaginet is here for you. Our Imaginet certified Office 365 experts can help you with any of your Office 365 initiatives. To find out more, schedule your free consultation call with Imaginet today.
Imaginet is your trusted technology partner who turns your business innovation ideas into reality. 20+ years | 1200+ satisfied customers | 2500+ successful engagements. Primary services include Web Application Development, Mobile App Development, and SharePoint consulting services, with additional specialties in Power BI & Business Intelligence, Office 365, Azure, Visual Studio, TFS, & VSTS, Skype for Business, and more. Located in the United States (Dallas, TX) and Canada (Winnipeg, MB) with services offered worldwide. Contact us today at firstname.lastname@example.org or 1-800-989-6022.