Forum Discussion
ATP Safe Links - Legitimate OneDrive for Business links and Deep Links
ATP Safe Links is blocking legitimate OneDrive for Business links shared by our users internally. We recently had a compromised user which was blocked by the anti-spam rules as expected. The...
Abhishek_Agrawal thank you.
The support ticket got closed and the issue was resolved by the back-end team. We had to temporarily whitelist the root URL with wildcards to disable ATP link wrapping to at least get the work going. Once resolved, we removed the whitelist. We also did a submission on root URL in the threat center, but that was marked as "completed" and we don't know what happened behind the submission nor whether that was even worthwhile! The entire process took 3-4 days.
However, it still is a mystery to me as to how in the first place ATP can block the root URL of OneDrive (https://org-my.sharepoint.com) instead of blocking the entire actual URL?
Was there a risk by whitelisting yourselves that Defender might not block the maliciously embedded site in OneDrive? I agree with you - Defender did a great job protecting you from an internal threat - and then over-compensated by blocking internal legit sharing.