Forum Discussion
URL clicks not being tracked
Hi, I have url rewrite and defender EDR in the environment. It seems like clicks are missing tracking information. Both in hunting queries and the actual url and domain page show no clicks and...
Threat Explorer is near real-time, not real-time. If you are used to working with on-premises appliances then this is slower. How much slower is a good question. DZ705297 suggests that the service is not at its best at the moment, but if a click has not appeared by the following afternoon or morning then something is wrong.
If you are tracing a click via an alert or the portal then you should be able to simply copy the raw link without the wrapper. If you have to work with a wrapped mail then you only have to remove the bits at the front and the back to have the original link, thus:
https://{zone}.safelinks.protection.outlook.com/?url=
&data=05%7C02%7C{recipient address}{Safe Links tail}
If translating %3A%2F%2F is hard work then you can find de-encoders online that will do that job for you. Also remember that potentially hazardous web links should be broken for safety. Microsoft use the format [%%] in place of period characters, but there are other forms.
If you are tracing a click via an alert or the portal then you should be able to simply copy the raw link without the wrapper. If you have to work with a wrapped mail then you only have to remove the bits at the front and the back to have the original link, thus:
https://{zone}.safelinks.protection.outlook.com/?url=
&data=05%7C02%7C{recipient address}{Safe Links tail}
If translating %3A%2F%2F is hard work then you can find de-encoders online that will do that job for you. Also remember that potentially hazardous web links should be broken for safety. Microsoft use the format [%%] in place of period characters, but there are other forms.
Amazing thank youu