Feb 01 2018 05:34 AM
Feb 01 2018 05:34 AM
We purchased over 3600 licenses for Microsoft Advanced Threat Protection with the hopes of protecting our accounts. In particular for if a malicious link were passed between our internal accounts we would be protected with Safelinks. I worked with Microsoft support for two weeks because all testing failed to rewrite the URL. Now I was just told by support and I Quote them saying in Ticket SRX14129695481:
The ATP Safe links is only applied for inbound traffic from external senders to internal recipients. ATP safe link will not re-write the internal emails. This is by design.
Why not have a method to protect within? It seems the perimeter is the only protection by design.
So if an account becomes compromised and becomes a source of Malware you are not protected.
Is the Marketing people aware of this?
Feb 01 2018 06:52 AM
Very interesting, this feature is actually coming to ATP soon!
First I found a mention of internal safe links from Ignite last year:
"Many users have relied on the time of click protection of Safe Links to protect end users from sophisticated threats in the form of links in emails. Now Safe Links can be enabled for internal emails to protect users from malicious links being sent within the organization."
Also noted here:
Good news, it's on the roadmap too, the release is not that far off by the looks of it!
Office 365 ATP Safe Links for Intra-Org Emails
Office 365 Advanced Threat Protection Safe Links for internal emails will enable time of click protection and functionality of Safe Links for intra-org emails. This will protect end users from malicious links in emails that are sent between users in the same organization.
Estimated Release: Q1 CY2018
Feature ID: 20552
Feb 01 2018 12:15 PM
Feb 06 2018 11:37 AM
Mar 13 2018 04:19 AM
Here is further confirmation, which answers your question I believe, from the Set up Office 365 ATP Safe Links policies article:
"Beginning in March 2018, ATP Safe Links protection is being extended to apply to email sent between people in an organization."