Can ATP re-write URLs in a hybrid scenario?

This is a very interesting question!

I have spent a bit trying to replicate this and see what I could find, as I could not anwser this off the top of my head. I do allot of hybrid deployments with my clients, so know how this works with most filtering, I have just never specificly testing the malicious link aspect.

In short, you are in scenario 3 here - https://technet.microsoft.com/en-us/library/e1da5f2f-c732-4010-85c9-878b2cef3fb3(v=exchg.150)#scenario3

You would have a connector in place, and that connector would enable mail flow. 

Unfortunately I did not find anything conclusive on the ATP side of the house. I do know from testing and documentation that even with a connector, EOP will still do such tasks as malware/spam filtering, as well as more advanced compliance asks. Ultimately from my understanding the connector just shields you from blacklisting, but the filtering still happens.

"This connector enables Office 365 to scan your email for spam and malware, and to enforce compliance requirements such as running data loss prevention policies. When your email server sends all email messages directly to Office 365, your own IP addresses are shielded from being added to a spam block list. To complete the scenario, you might need to configure your email server to send messages to Office 365."

With that said, logically I would say yes, ATP should still work. But this is just my extrapalation from my own testing and previous experience. I do not have a malicious link to test with ><

Sorry this was not conclusive, but hopefully this mesh's with your own thoughts on the matter and gives you a bit more confidence.

-Adam