Advanced Threat Protection (ATP) is ruining Outlook.com

Brian .
Occasional Contributor

Advanced Threat Protection (ATP) is ruining Outlook.com

About a week ago, I noticed that all URLs were suddenly extremely long/obscure, and beginning with something like: https://nam02.safelinks.protection.outlook.com/?url=


It destroys the URL visibility experience.


I quickly realized that this was an Office 365 (E5) feature called ATP, but I'm not talking about Office 365 here but rather the consumer Outlook.com site.


I need to find out if we're going to be able to disable this, and when.


It's unbelievable that MS just foisted it on us, since it's not even in the vast majority of Office 365 plans!  I realize that some people have been seeing it longer than one week.

14 Replies

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

It is terrible!  I understand and appreciate the attempt to reduce the risk of phishing and malicious attacks, but they screwed up my primary method of avoiding them!  Now, with the extra-long "safelinks.protection.outlook.com" link replacement, I don't feel safe clicking on any link! This is a major step backwards and a huge hindrance to my ability to determine if a message is legitimate (or a phishing attack) and if a link is safe or not.  This "improvement" makes the product worse.  Plus, it will probably cause more problems in the long run if it gives people a false sense of security that they will be protected if they click on a malicious link when (not "if") someone figures out how to imitate and hack the system so their malicious links look like the safe one.  Unfortunately, this complaint will more than likely fall on deaf ears -- talking to Microsoft often is as effective as talking to a brick wall.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Unfortunately this seems to be a pretty standard implementation for the sandboxing feature.  It's used similarly by Proofpoint and Mimecast in similar fashions.  HOWEVER, it seems as though all companies have a visibility item on their roadmap to make the experience better.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

This is now confirmed in today's announcement- Premium Outlook.com features now available to Office 365 subscribers:


For Office 365 Home and Office 365 Personal subscribers, we now offer additional security against the most sophisticated types of threats in two ways:


  • Scanning attachments—Sophisticated techniques detect new types of malware previously not seen, giving you protection against today’s most advanced threats.
  • Checking links—When you click a link in an email, it is checked in real-time to determine if the destination website is likely to download viruses or malware onto your computer. If the site is found to be malicious, a warning screen alerts you not to access the site.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

To add here is the page with more details - Advanced Outlook.com security for premium subscribers. The included FAQ says this about disabling these features and it also confirms the behaviour you are seeing:


Can I deactivate these security features?


To provide the best protection for your account, these features are on by default and not designed to be turned off. You can contact our customer service team via in-product support to have them deactivate the features on your behalf, but we do not recommend it.


Why do links in my messages look different?


After you activate the advanced security features, links in your email might look different. For example, in some messages links might appear longer than usual, and include text such as "na01.safelinks.protection.outlook.com." This is related to the checks we perform to protect you from phishing attacks.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Are we supposed to assume that Microsoft will GUARANTEE that ALL the URL links that they replace with their " https://nam02.safelinks.protection.outlook.com/?url=" are SAFE for me to click on?  If that is not the case, then Microsoft has made things worse.  I want to see some official documentation from Microsoft that says Microsoft certifies and guarantees that the URL links that they replace are 100% safe (now and in the future).  Again, Microsoft is a rude company for changing something so important without any kind of notification or opt-out capability.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

You can opt-out of this per the info I posted earlier if it's really too much and then you won't get these types of links anymore. 


Bear in mind this is a feature that's been around for years on the commercial side of Office 365, that's very much trusted.  I know the links look a bit odd and it may seem strange but this is adding a level of protection that only comes with the top of the range Enterprise edition of Office 365 and will keep customers, now including consumers better protected from cyber-threats.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

'a rude company',  ok!


again, no surprise that this has been rolled out to everyone.  All the other major enterprise competitors have the feature enabled by default.  The question still remains to Microsoft though on an advanced tooltip that shows the 'original' link.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com



Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Absolutely agree that this has completely stuffed up my outlook. I run a hotmail.com account and a work Office 365 account and all this has done has driven me to gmail (maybe that was the idea). 


Height of arrogance to turn this on with no ability to turn it off. e.g. I cant click on a facebook, linkedin link. 


Please turn it off. 


Re: Advanced Threat Protection (ATP) is ruining Outlook.com

In fact I get no warning message to make a decision. This is what I get back

This page can’t be displayed

•Make sure the web address https://nam02.safelinks.protection.outlook.com is correct.
•Look for the page with your search engine.
•Refresh the page in a few minutes.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Past years, Microsoft was taunting Google to read the emails of their users with "Gmail Man".
But today, Microsoft modifies the emails of their users without asking.


At least, it could have been like a post modification in the ui... but even with other mail client, the urls are ruined.


Just... why ?!

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Another Microsoft disaster ! I have been asking them to switch this off for my account for 3 weeks now, with no action.

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

The "why" is easy. If you look at the advertisement for this feature to corporations, at https://products.office.com/en-us/exchange/online-email-threat-protection?irgwc=1&clickid=wvJ1wuSUzz...


you'll find:

"Get rich reporting and track links in messages

Gain critical insights into who is being targeted in your organization and the category of attacks you are facing. Reporting and message trace allow you to investigate messages that have been blocked due to unknown viruses or malware, while URL trace capability allows you to track individual malicious links in the messages that have been clicked."


I wonder, for all non-corporate entities on the Office365 platform, who gets access to the message link tracking and rich reporting data?

Re: Advanced Threat Protection (ATP) is ruining Outlook.com

Looks like it doesn't work - I've spent 30 minutes trying to see if an email link is safe due to the new safelink address making it unreadable. So I read this https://blogs.office.com/en-us/2017/10/30/premium-outlook-com-features-now-available-to-office-365-s... and assumed I would get a warning if the link was not legitimate. h**s://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fisasj9ber25gfspqybdnd23dl8tgo.whatsappsec.club&data=02%7C01%7Csimonbannister%40hotmail.co.uk%7Cec72a33f54c949f3d1a808d532556ed0%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636470264862145789&sdata=a%2BwuT4xNMaVWMDrbdmDvlxPXfNjDaeBYFEgtxaHoXts%3D&reserved=0

Turns out this is hosted by http://carpentiericorrado.com/ and not WhatsApp.