Home

Advanced Threat Protection (ATP) is ruining Outlook.com

Highlighted
Brian .
Occasional Contributor

Advanced Threat Protection (ATP) is ruining Outlook.com

About a week ago, I noticed that all URLs were suddenly extremely long/obscure, and beginning with something like: https://nam02.safelinks.protection.outlook.com/?url=

 

It destroys the URL visibility experience.

 

I quickly realized that this was an Office 365 (E5) feature called ATP, but I'm not talking about Office 365 here but rather the consumer Outlook.com site.

 

I need to find out if we're going to be able to disable this, and when.

 

It's unbelievable that MS just foisted it on us, since it's not even in the vast majority of Office 365 plans!  I realize that some people have been seeing it longer than one week.

51 Replies

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

It is terrible!  I understand and appreciate the attempt to reduce the risk of phishing and malicious attacks, but they screwed up my primary method of avoiding them!  Now, with the extra-long "safelinks.protection.outlook.com" link replacement, I don't feel safe clicking on any link! This is a major step backwards and a huge hindrance to my ability to determine if a message is legitimate (or a phishing attack) and if a link is safe or not.  This "improvement" makes the product worse.  Plus, it will probably cause more problems in the long run if it gives people a false sense of security that they will be protected if they click on a malicious link when (not "if") someone figures out how to imitate and hack the system so their malicious links look like the safe one.  Unfortunately, this complaint will more than likely fall on deaf ears -- talking to Microsoft often is as effective as talking to a brick wall.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

This is now confirmed in today's announcement- Premium Outlook.com features now available to Office 365 subscribers:

 

For Office 365 Home and Office 365 Personal subscribers, we now offer additional security against the most sophisticated types of threats in two ways:

 

  • Scanning attachments—Sophisticated techniques detect new types of malware previously not seen, giving you protection against today’s most advanced threats.
  • Checking links—When you click a link in an email, it is checked in real-time to determine if the destination website is likely to download viruses or malware onto your computer. If the site is found to be malicious, a warning screen alerts you not to access the site.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

To add here is the page with more details - Advanced Outlook.com security for premium subscribers. The included FAQ says this about disabling these features and it also confirms the behaviour you are seeing:

 

Can I deactivate these security features?

 

To provide the best protection for your account, these features are on by default and not designed to be turned off. You can contact our customer service team via in-product support to have them deactivate the features on your behalf, but we do not recommend it.

 

Why do links in my messages look different?

 

After you activate the advanced security features, links in your email might look different. For example, in some messages links might appear longer than usual, and include text such as "na01.safelinks.protection.outlook.com." This is related to the checks we perform to protect you from phishing attacks.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Are we supposed to assume that Microsoft will GUARANTEE that ALL the URL links that they replace with their " https://nam02.safelinks.protection.outlook.com/?url=" are SAFE for me to click on?  If that is not the case, then Microsoft has made things worse.  I want to see some official documentation from Microsoft that says Microsoft certifies and guarantees that the URL links that they replace are 100% safe (now and in the future).  Again, Microsoft is a rude company for changing something so important without any kind of notification or opt-out capability.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

You can opt-out of this per the info I posted earlier if it's really too much and then you won't get these types of links anymore. 

 

Bear in mind this is a feature that's been around for years on the commercial side of Office 365, that's very much trusted.  I know the links look a bit odd and it may seem strange but this is adding a level of protection that only comes with the top of the range Enterprise edition of Office 365 and will keep customers, now including consumers better protected from cyber-threats.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Lol...

DNj3q_UV4AYTtJ1.jpg

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Absolutely agree that this has completely stuffed up my outlook. I run a hotmail.com account and a work Office 365 account and all this has done has driven me to gmail (maybe that was the idea). 

 

Height of arrogance to turn this on with no ability to turn it off. e.g. I cant click on a facebook, linkedin link. 

 

Please turn it off. 

Tony 

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

In fact I get no warning message to make a decision. This is what I get back

This page can’t be displayed

•Make sure the web address https://nam02.safelinks.protection.outlook.com is correct.
•Look for the page with your search engine.
•Refresh the page in a few minutes.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Past years, Microsoft was taunting Google to read the emails of their users with "Gmail Man".
But today, Microsoft modifies the emails of their users without asking.

 

At least, it could have been like a post modification in the ui... but even with other mail client, the urls are ruined.

 

Just... why ?!

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Another Microsoft disaster ! I have been asking them to switch this off for my account for 3 weeks now, with no action.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

The "why" is easy. If you look at the advertisement for this feature to corporations, at https://products.office.com/en-us/exchange/online-email-threat-protection?irgwc=1&clickid=wvJ1wuSUzz...

 

you'll find:

"Get rich reporting and track links in messages

Gain critical insights into who is being targeted in your organization and the category of attacks you are facing. Reporting and message trace allow you to investigate messages that have been blocked due to unknown viruses or malware, while URL trace capability allows you to track individual malicious links in the messages that have been clicked."

 

I wonder, for all non-corporate entities on the Office365 platform, who gets access to the message link tracking and rich reporting data?

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Looks like it doesn't work - I've spent 30 minutes trying to see if an email link is safe due to the new safelink address making it unreadable. So I read this https://blogs.office.com/en-us/2017/10/30/premium-outlook-com-features-now-available-to-office-365-s... and assumed I would get a warning if the link was not legitimate. h**s://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fisasj9ber25gfspqybdnd23dl8tgo.whatsappsec.club&data=02%7C01%7Csimonbannister%40hotmail.co.uk%7Cec72a33f54c949f3d1a808d532556ed0%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636470264862145789&sdata=a%2BwuT4xNMaVWMDrbdmDvlxPXfNjDaeBYFEgtxaHoXts%3D&reserved=0

Turns out this is hosted by http://carpentiericorrado.com/ and not WhatsApp.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Besides obscuring the url, these extra long links get broken on my Android device, so when I click on the link I get a page error. It forces me to use my laptop instead of my mobile.

But wait! there is another solution.

I am switching back to making Gmail my primary email account. 

Ah yes, sanity has been restored. Once again I can see the link, I can click on it, and it opens on my phone without waiting forever, and getting a broken page link.

Microsoft, give me the power to decide please. I want to choose what happens to my links.


@Brian Fumo wrote:

About a week ago, I noticed that all URLs were suddenly extremely long/obscure, and beginning with something like: https://nam02.safelinks.protection.outlook.com/?url=

 

It destroys the URL visibility experience.

 

I quickly realized that this was an Office 365 (E5) feature called ATP, but I'm not talking about Office 365 here but rather the consumer Outlook.com site.

 

I need to find out if we're going to be able to disable this, and when.

 

It's unbelievable that MS just foisted it on us, since it's not even in the vast majority of Office 365 plans!  I realize that some people have been seeing it longer than one week.


 

Re: Advanced Threat Protection (ATP) is ruining Outlook.com


@Cian Allner wrote:

This is now confirmed in today's announcement- Premium Outlook.com features now available to Office 365 subscribers:

 

For Office 365 Home and Office 365 Personal subscribers, we now offer additional security against the most sophisticated types of threats in two ways:

 

  • Scanning attachments—Sophisticated techniques detect new types of malware previously not seen, giving you protection against today’s most advanced threats.
  • Checking links—When you click a link in an email, it is checked in real-time to determine if the destination website is likely to download viruses or malware onto your computer. If the site is found to be malicious, a warning screen alerts you not to access the site.


@Cian Allner wrote:

This is now confirmed in today's announcement- Premium Outlook.com features now available to Office 365 subscribers:

 

For Office 365 Home and Office 365 Personal subscribers, we now offer additional security against the most sophisticated types of threats in two ways:

 

  • Scanning attachments—Sophisticated techniques detect new types of malware previously not seen, giving you protection against today’s most advanced threats.
  • Checking links—When you click a link in an email, it is checked in real-time to determine if the destination website is likely to download viruses or malware onto your computer. If the site is found to be malicious, a warning screen alerts you not to access the site.

i want to disable the new sec urity features.i cannot access some job invoices which i have to complete

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Wished I had not got up this morning. 

Office 365 Home user.

Any link from an email in Outlook now gives me:

Can’t connect securely to this page

This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.

 

Can directly connect to the relevant page without problem - using edge - how do I fix this 'new feature' of ATP?

 

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Fixed it - I hope.

 

Changed the default browser to IE and problem went away.

Changed default back to Edge and did not return.

 

URL now changed, goes to safelinks etc and then switches to normal url.

 

Back to the rest of the day.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

I'm still waiting for a method to disable this abject failure of Outlook/Office 365 "ATP". It obfuscates links in all emails - making it impossible for me to evaluate the trustworthiness of a link, while preventing me from navigating to legitimate and necessary web sites!  I have a SIGNIFICANT amount of time invested in this product and a LOT of data under its management. My frustration level is rising to an unprecedented level over something very easy for Microsoft to fix!

 

Out of nowhere - Microsoft decided to completely change the operational model of interaction with links in emails and released it without providing users with a way to disable this "feature" if it causes them usability problems - like in my case - where it has completely hobbled my ability to navigate to needed web sites!!!

 

Microsoft...!!! Come on... wake up and listen to totally valid and reasonable requests to allow long-time paying customers of this product to undo this mess you foisted on us... please!

 

Respectfully,

Jeff TX

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

  1. how do I disable it

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

"You can contact our customer service team via in-product support to have them deactivate the features on your behalf, but we do not recommend it."

How do I do that?

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Exactly, Microsoft's Safe Link technology is plain simple a bad approach to phishing. Whoever thought this was a good idea is an imbe#@%@ and should not be put as a decision maker regarding mail security. This should be opt-in and with a fast and easy way to enable/disable.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

This ATP facility has blocked EVERY link in my hotmail accounts. The only way around it is to remove from the Browser adddress the Microsoft ATP prefix code.....up to the HTTP://  point where your web address starts.   in other words, REMOVE ...https://nam02.safelinks.protection.outlook.com/

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

I DO NOT WANT ATP ON MY SYSTEM - I CAN GET NO ACCESS TO PREVIOUSLY BONA FIDE Http, i.e. internet weblinks. CAN SOMEBODY PLEASE ADVISE AS TO HOW I CAN EITHER REMOVE, OR NEAUTRALISE, ATP

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Hi,  Here might be the solution provided by Microsoft = this worked for me !!!

 

Run PSR....instructions below.....

 

As soon as I followed this instruction the problem went away :)

 

Outlook Support

February 18, 2018, 02:18 +0000

Hi Peter,

Thank you for sharing additional information regarding the issue. For us to isolate the issue, I would like to request for a screenshot and grab a PSR (Problem Screen Recorder) to investigate the issue further:

Here are the steps you can follow in getting the PSR:
1. On your keyboard, press “Windows Key” and “R” simultaneously. (Windows key is located on the lower left of your keyboard, in between of the Ctrl and Alt)
2. A pop-up will appear on your screen
3. Type "PSR" without quotation marks and hit enter
4. Click Start and reproduce the issue that you are facing with the Outlook.com on the browser
5. When done, click on stop record and save the log file to your desktop
6. Kindly attach the log file to this email before sending so that we investigate it for you.

I will wait for your response together with the PSR. Thank you!

Regards,
Lichner D. – Outlook.com Support

 

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

See the solution described below by Peter Gorton, provided by Microsoft. Nutshell.....run PSR instructions given below.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

How does capturing a PSR and sending it to Outlook.com support fix the issue with the ATP "safelinks"?  What problem of yours was solved?  

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Please tell me how to contact them as I have tried every possible way I know and it always renders a chat option to which I click and the chat box just spins then gives same CV:xxx error code each time. This new way of changing my links has become horrid for my end users and clients as a simple www.mikesprotech. com link even in my email signature looks horrid not to mention as an IT Admin this is teaching users bad habits of simply trusting long links which resemble the ones Microsoft creates. Most people are not going to analyze the link closely enough nor may not know how or what all to look for.

If anything, Microsoft can examine the link and simply put a trust mark or something beside the ORIGINAL link rather than have an email with several links all garbled up looking not to mention how this service is going to affect links in emails which are stored in backups then accessed months/years later.

 

PLEASE PLEASE PLEASE give me a link or information on how to contact Microsoft to have this disabled.

 

Thanks for your sharing of information on the chat board. 

It is the most useful Ive found online so far.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Are you on Office 365? This is on the roadmap, and most likely coming to consumer Outlook also.

Removal of Safe Links Re-write for Outlook Client(s)

For users using Outlook, Safe Links will render the original URL and not show the re-written URL. This will enable users to view the original link that arrives in an email.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

I’ve had my hotmail account for years and yes I have Office 365 Personal edition, I use Outlook 2016 when at PC but mainly apple mail on iPad and iPhone when on the go which is most of the time. I will try sending links from outlook and see if it does not change them, should it not change the links I suppose I’ll have to use outlook email client on my mobile devices yet I should not have to nor should this service be forced on me or any user which as I said earlier teaches users bad habits of trusting these long links which hackers will easily catch on and change one piece of the code then re direct users incorrectly. This is the worst move I’ve seen MS do in quite some time now.

 I did not notice these links changing till a month or two ago when a client I work with brought to my attention as I had sent him an email with several links to different products he had asked me to compare (I’m IT Admin for local law firm and own my own small IT ontract company).

 

After finding this article this weekend, I’ve tried to find a way to contact Microsoft and only get the chat option (no option to email them to request them to remove this).

 

Perhaps its due to the weekend and no one is answering their chat service which just opens the chat box, spins and then gives an error code “CV:xxx”. 

 

If anyone has a way I can contact MS as the lady in this post suggest, please let me know.

 

Otherwise i’ll Attempt to contact them during the week next week once again.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

I'm reading that alot of people are upset about this change and well, yes it is a little harder to easily read the URL, but this is a really good thing people.  Microsoft is really attempting to protect its customers, for free, in the same way that other major (Gartner Magic Quadrant) vendors/providers are for a very high cost.  

 

If you'd like a quick and simple URL decoder, I've posted one here that I distributed to my work and posted to the Intranet for staff/employees to use.

 

Decode Safelinks: Link

 

Request: One thing I would like if some MS MVP or ATP guru could tell me, what does each of the tokens (Data and Pipes '|' like "02|01|myemail@address.com|cfad9384a1804ef230af08d593f8b95b|0662477dfa0c4556a8f5c3bc62aa0d9c|0|0|636577618830257637") in the parameter string mean.  Is this information useful to IT that would enable us to discern more about the URL provided?

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

It may be good if it worked consistently and correctly identified all malicious links, but it misses some so cannot be replied upon - That's why reading the URL is important to us who are complaining.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

I want to turn this function off on all computer logons


@Peter Gorton UK wrote:
See the solution described below by Peter Gorton, provided by Microsoft. Nutshell.....run PSR instructions given below.

There is no link below.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Possible solution.....

 

1. On your keyboard, press “Windows Key” and “R” simultaneously. (Windows key is located on the lower left of your keyboard, in between of the Ctrl and Alt)
2. A pop-up will appear on your screen 
3. Type "PSR" without quotation marks and hit enter

 

This was all I needed to do for the problem to go away.

 

However, if the problem remains, 


4. Click Start and reproduce the issue that you are facing with the Outlook.com on the browser
5. When done, click on stop record and save the log file to your desktop
6. Kindly attach the log file to an email and send it to Outlook Support so they can investigate it for you.

 

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Peter, you keep posting this information about using the PSR program to capture a log file and it has nothing to do with the issue we are all having.  Microsoft has replaced the links to external internet sites and documents with their "safe links" in all our received Outlook email messages and, because the new links are obscure, it makes it nearly impossible for us to see the original link so that we can make our own judgment as to whether the link is "safe" or not.  There is NOTHING to be gained by capturing some kind of log (and who do you suggest we send it to?).  Collecting a log WILL NOT fix the problem (as you imply with "This was all I needed to do for the problem to go away").  If you do not understand the problem and you don't understand that your "suggestion" is worthless, then please quit posting it.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Just Post the fix to this VERY BIG problem then. People here are desperately helping, trying things based upon the answers they perceive from phone support in order to share with the broader community.

 

If no resolution is posted it is taken as an answer that has no value.

 

Phoning in to support each single time is two hours, and a person scrambling to talk with others, hold time and a hang up. No call back. Not even a credit card from me to establish a Support Case number, resolution, remote assistance or follow up. 

 

You can see how frustrated we all are with Microsoft Support here and by phone.

 

Michael Leary

Sr. Systems Analyst

Microsoft Registered Partner since 1995

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Thanks Peter for your contribution.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Since I have two premium paid msn accounts, several live and hotmail accounts, three gmail and one Yahoo all sub'd to the .edu Office365 account (outlook 2016) setup to get all email and then backed up weekly I am a power user for sure. My email is long in years and heavy in content and why as an IT admin since Dos 2.0 and a registered MS partner since 95 I have some stuff I just cannot lose continuity with.

 

This will take some time I assume. I am going to open a case and pay if necessary to see if I can get all of it changed. I turned off some stuff in Defender as well that may have been related to Cloud. There are other community posts 'Disable Defender Advanced Threat Protection' and another 'ATP safe links policies somehow applied to Hotmail now?'

 

This is largely hard for Outlook support to handle it seems and some very very angry customers. Some support people in Outlook support have no clue. I think that is why my 2 hour support calls get hung up.

 

It seems a permission on the cloud side that users cannot set to off. See the links for a Powershell Remove-SafeLinksPolicy...

 

Note. I also just received an email about the "Outlook Team [right] has enabled premium features for Office365 subscribers, including no ads and advanced email security."

 

I think I just got bit by the oh cr@p fairy. My Webroot has always surpased my wildest security concerns along with Spybot S&D and weekly Defender. 

 

Grey and Whitelisting takes up slack. I really can see why Edge, Chrome and IE are now so slow and choking my CPU's to make my laptops freeze. I hard shut down daily and save work every time I make change. It is insane.

 

Seems we are hostages.

 

More today. ...

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Don't forget this "faux" link gives Microsoft the ability to insert a "Man-In-The-Middle" attack. Or in the very least, the ability to scan/read every mail. The Gov has always had this ability at the POP in DCs, that's one thing. However, we were not given a choice to have information circumvented to a private company.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

They re activate this feature on my account.... AAAAAAAAAAaaaaaaaaaaa T-T

Maybe this time they will not spent 28 days to deactivate it

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

You are offering a decoder for links we shouldn't need to decode?

Here's my problem: The URL with "safelinks" in it doesn't tell me anything about the link. Is it a link to an adult site called cuddly kittens or a site featuring pictures of cats? I'll have no clue until I click because the URL has been replaced.

Other vendors that scan emails insert a message informing the reader it was scanned. If a malware is found the email is deleted and the message is replaced with one that states that. No obfuscation of links. Either you get it intact or you don't.

 

 

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Still no proper way to disable this BS? That's why I hate Microsoft!

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

The number of ways MS is crapping on its users are too many to keep track of. 
One of the worst was when I joined the Insider Program for Windows 10. I ended up with no OS at all on my computer because it erased my Win8.1 license and as a reward for participating I got an invalid Win10 Pro license. They didn't even hold their end of the deal. And MS themselves said I have myself to blame for using their software. Their words, not mine.
Or what about when they disabled the support for hotmail in Windows Live Mail? Why stop users from using the "in house" mail service? 

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

If this BS was really supposed to help us, why are they letting through all this crap in my inbox. The inbox rules only work intermittently and often they end up in the junk mail folder. And the junk mail with its "approved links" end up in my inbox. Approved links that go straight to spammers and phishing attempts.
No MS. Go back to the drawing board. This is not good enough. At least I could hover the links before to see if htey were scam or not. Today the number of successful scams will rise tenfold. And it will all be due to Microsoft "Security".

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Call me paranoid, but MS reads every URL that is sent to me in an e-mail, and through Safe Links now knows every URL on which I actually click? Sounds like a great data mining opportunity to me. They may pass the URL through a screen to check it, but I just don't believe they don't also track the URLs I follow. I can't (easily) copy the URL and paste it into my browser to prevent that because now it passes first through an MS server before directing me to the real URL. Sad.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Dear paranoid?,
For a few years now Microsoft will occasionally send me an email that has a couple buttons on it that reads
Is this:
SPAM
NOT SPAM

I can see the content, it might be one that was sent to me or not.

If it looks like SPAM and I select that button it loads in the browser of choice and only has a CLOSE button. You then click that and it:
Closes that web page tab
Deletes the email.

It's clearly watching what the link does in that browser page as it loads and it contains its actions.

It was a MS Partner program I was asked to volunteer on years ago and it's an old hotmail account that generates tons of spam [1999 era].

I don't get any feedback, but I guess I'm helping. But it's all automated. Usually a couple a month.

I'm not paranoid until things slooow waaay dooowwnn.

The links we are addressing in THIS post kinda work against a black list database and is mostly automated but can generate metrics on data that can be determined to be suspicious. That probably helps to maintain the black list. I doubt anyone is reading your stuff, (there would need to be alot of bored MS email reading employees) but then again if it's evil you really don't want it functioning on your end.

My concern originally with THIS post was that it slows down browsers and eats up cpu and time.

I chose to turn all of my many MS email accounts off from the routing function in THIS post except that one old hotmail account. I now know MS has that OFF switch on each account as they manage the email servers they are protecting. If you ask them nicely and follow the steps they will turn it off. Then it's up to you to protect yourself.

Cheers

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Talking to Microsoft is like talking to a brick wall? This is an insult to brick walls everywhere! How dare you!

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Do not like!

I’m a user of Cisco SpamCop and any email I determine is spam/phishing gets reported.

This “safelink” appears in an email and I’m trying decipher if it is as safe as it appears to be, or not.

Even I, the suspicious careful checker, thought “this looks different but genuine”!!

Absolutely not. After working to see what the real email sender’s intended URL is, then I follow through with my usual redirect checks and find the final destination is another Canada Pharmacy site in a “.ru” domain,

How do we switch OFF this unhelpful “service” Microsoft? (I have a hotmail.com address and review my emails using the native Apple iOS mail app on my phone, and AltaMail to get at the mail headers)

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

You have to contact support to get them to turn it off. If at first contact they claim to not know what you're talking about, be persistent. I did this late last year.

https://support.office.com/en-us/article/advanced-outlook-com-security-for-office-365-subscribers-88...

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Looks like that worked. Thanks

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Microsoft has ruined my experience in OUTLOOk.  What possessed M$ to come up with such a cluttered behavior?  As a retired engineer I am more and more frustrated by M$ changes thrust on us without notice before hand.