Previously, in Part 2 of this Office 365 Advanced Threat Protection 101 article series, we explored how to create an ATP Safe Attachment policies and how to enable ATP protection to files in SharePoint Online, OneDrive for Business, and Microsoft Teams. Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe LinksNow, in this final article in our series, we will explore ATP Safe Links, which can help protect your organization by providing verification of URLS in email messages and Office documents.

With ATP Safe Links enabled, if a user clicks on a link in an email and the URL has been blocked by your organization’s custom blocked URL list or if the URL is determined to be malicious, then a warning page opens. I won’t be going into much detail how ATP Safe Links works, as Microsoft has written a good article here.

Like the other ATP features, you’ll need to define a policy to control how ATP Safe Links protects your users.

Creating Your First ATP Safe Links Policy

Like ATP Safe Attachments, there is a default ATP Safe Links policy enabled when you purchase ATP. This default policy only offers basic protection. In this section, I’ll show you how to create a custom ATP Safe Links policy that applies to your primary mail domain and applies Safe Links to e-mails received from outside your organization and e-mails sent within the organization.

In this scenario, we’ll be creating a policy that does the following:

  • Applies to the domain
  • URLS are checked when a user clicks on a link
  • Apply safe links to messages sent within the organization
  • Prevent user from proceeding to unsafe URLs

Similar to my previous article on ATP Safe Attachments Policies, we’ll want to head over to the Office 365 Security & Compliance Center and go to Threat Management, then go to Policy in the side navigation bar. Then click on the ATP Safe Links tile.

Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe Links

At the Safe Links page, click on the Add button under the “Policies that apply to specific recipients” heading.

Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe Links

The new safe links policy window will open. Specify a name and description for your Safe Links policy.

Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe Links

Now, we’ll enable the following:

  • On-URLs will be rewritten and checked against a list of known mailicious links when user clicks on the link.
  • Use Safe attachments to scan downloadable content.
  • Apply Safe links to messages sent within the organization.
  • Do not let users click through safe links to original URL.
Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe Links

If you have URLS you wish not to be rewritten, enter them here, and they will be excluded from the URL rewrite. In this scenario, I’ll be leaving this blank so all links are rewritten and scanned using safe links.

Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe Links

Lastly, we’ll apply this policy to the recipient domain

Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe Links

Review these settings, and then click Save to create your first ATP Safe links policy.

How Does This Impact My Users?

With your ATP Safe Links policy turned on, users may notice that hyperlinks in e-mails they receive will contain a slightly longer URL when they hover a link.

Clicking the link firsts takes you to but then immediately redirects you to the actual URL. If the URL has been scanned and has been determined to be safe, then you will be redirected to the original URL.

However, if the link is scanned and found to be malicious, you will be presented with this page.

Imaginet's Office 365 Advanced Threat Protection 101 series - ATP Safe links

ATP Safe Links just adds another layer of security in combination with ATP Anti-Phishing and ATP Safe Attachments to protect you and your users from the threats that seem to just around the corner.

In this scenario, we created a new ATP Safe Links policy and applied it to our primary mail domain; however, I do want to note that these policies should always be tested first prior to deploying them to the entire organization. I would also recommend keeping an eye on the Threat Management Dashboard after you have tested and deployed these policies in case exceptions are needed if there are too many false positives.

Need Help with Your Office 365 Advanced Threat Protection?

If you are looking to get started with Office 365 Advanced Threat Protection (ATP) and would like some professional assistance, just know that Imaginet is here for you. Our Imaginet certified Office 365 experts can help you with any of your Office 365 initiatives. To find out more, schedule your free consultation call with Imaginet today.


Request My Free Consultation Call


Imaginet is your trusted technology partner who turns your business innovation ideas into reality. 20+ years | 1200+ satisfied customers | 2500+ successful engagements. Primary services include Web Application Development, Mobile App Development, and SharePoint consulting services, with additional specialties in Power BI & Business Intelligence, Office 365, Azure, Visual Studio, TFS, & VSTS, Skype for Business, and more. Located in the United States (Dallas, TX) and Canada (Winnipeg, MB) with services offered worldwide. Contact us today at or 1-800-989-6022.

Roy Polvorosa

About Roy Polvorosa

Roy Polvorosa is an Imaginet Infrastructure Specialist that focuses on deploying and supporting Microsoft technologies. During his time at Imaginet, Roy has focused his infrastructure skills towards SharePoint, Office 365, and Azure cloud offerings. Roy has rich experience deploying and supporting clients that have multiple sites and a variety of support needs. Roy further extends his knowledge by supporting Imaginet internal developers and their variety of database and application servers needed to support 20+ simultaneous development projects.

Let‘s Talk.
  • Let's Talk

  • This field is for validation purposes and should be left unchanged.