cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Advanced Threat Protection Issue

David Kamp
Brass Contributor

‎Feb 01 2018 05:34 AM - last edited on ‎Feb 07 2023 07:44 PM by

‎Feb 01 2018 05:34 AM - last edited on ‎Feb 07 2023 07:44 PM by

Advanced Threat Protection Issue

We purchased over 3600 licenses for Microsoft Advanced Threat Protection with the hopes of protecting our accounts. In particular for if a malicious link were passed between our internal accounts we would be protected with Safelinks.  I worked with Microsoft support for two weeks because all testing failed to rewrite the URL.  Now I was just told by support and I Quote them saying in Ticket SRX14129695481:

 

The ATP Safe links is only applied for inbound traffic from external senders to internal recipients. ATP safe link will not re-write the internal emails. This is by design.

 

Wow!

Why not have a method to protect within? It seems the perimeter is the only protection by design.

So if an account becomes compromised and becomes a source of Malware you are not protected.

 

  Is the Marketing people aware of this?

David

 

Labels:
3,805 Views
1 Like
4 Replies
Reply
4 Replies
Cian Allner

‎Feb 01 2018 06:52 AM

‎Feb 01 2018 06:52 AM

Re: Advanced Threat Protection Issue

Very interesting, this feature is actually coming to ATP soon!

 

First I found a mention of internal safe links from Ignite last year:

 

"Many users have relied on the time of click protection of Safe Links to protect end users from sophisticated threats in the form of links in emails. Now Safe Links can be enabled for internal emails to protect users from malicious links being sent within the organization."

 

Also noted here

 

Internal Safe Links ATP.png

 

Good news, it's on the roadmap too, the release is not that far off by the looks of it!

 

Office 365 ATP Safe Links for Intra-Org Emails

 

Office 365 Advanced Threat Protection Safe Links for internal emails will enable time of click protection and functionality of Safe Links for intra-org emails. This will protect end users from malicious links in emails that are sent between users in the same organization.

 

Estimated Release: Q1 CY2018

 

Feature ID: 20552

1 Like
Reply
David Kamp

‎Feb 01 2018 12:15 PM

‎Feb 01 2018 12:15 PM

Re: Advanced Threat Protection Issue

Cian
If you have it, please do a quick and easy test.
Send a test account or Co-Worker within the same Federation a message and add a few URL's. Let us know if when the recipient gets the message, when you hover the mouse over the URL, it should show a re-written URL to safelinks. Or if a link is blocked in the configuration, if you click it, it should give you a Website Blocked Page.
I would really love to use this but I was told it only checks at the perimeter not within the federation domain.
David
0 Likes
Reply
David Kamp

‎Feb 06 2018 11:37 AM

‎Feb 06 2018 11:37 AM

Re: Advanced Threat Protection Issue

FYI Update:
I was told by Support that the Safe Links feature will be available Q1 2018 for Internal to internal accounts. referencing the Roadmap in the Link at the end.

Support sent me this info:
We have checked with our advisors again and confirmed that Safe Links does not work internally. As discussed earlier, I have searched and found below article which states that Office 365 ATP Safe Links for Intra-Org Emails is in development.
• Office 365 Roadmap
https://products.office.com/en-us/business/office-365-roadmap?filters=%26freeformsearch=Advanced%20t...

0 Likes
Reply
Cian Allner

‎Mar 13 2018 04:19 AM

‎Mar 13 2018 04:19 AM

Re: Advanced Threat Protection Issue

Here is further confirmation, which answers your question I believe, from the Set up Office 365 ATP Safe Links policies article:

 

"Beginning in March 2018, ATP Safe Links protection is being extended to apply to email sent between people in an organization."

0 Likes
Reply