cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Safe Links Advanced Threat protection.

Robert Woods
Steel Contributor

‎Sep 12 2016 03:15 PM

‎Sep 12 2016 03:15 PM

Safe Links Advanced Threat protection.

When a safe links policy is applied and users follow a suspect link, users are shown a webpage informing them that the link they are trying to follow is malicious. If the recipient’s safe links policy has been configured to allow the user to go through, that user is given the option to continue to the site.

____________________________________________________________________________________________________________________________

From the article mentioned above I would expect that an malicious link would be reformatted, and when an end user clicks the link, they would be redirected to a warning site letting them know the content in the link is "Suspect". Today one of our users got an email with a link to a Suspect site, and although in the body of the email the link was reformatted, when clicking on it we go directly to the Suspect site, and not to a warning page letting us know the link is suspect.

 

Does this mean that the link is not malicious? Should we be redirected to a warning site when clicking on a link formatted like this?

 

safelinks.PNG

Labels:
3,600 Views
0 Likes
4 Replies
Reply
4 Replies
best response confirmed by VI_Migration (Silver Contributor)
Brent Ellis

‎Sep 13 2016 08:25 AM

‎Sep 13 2016 08:25 AM

Solution

Re: Safe Links Advanced Threat protection.

ALL links are reformatted (using the safe links) -- unless you whitelist them.

 

There is nothing in the email itself that indicates that the link is good or bad.  It is only checked at the time the link is actually clicked.

 

Since it goes through to website, it just means Microsoft hasnt caught on yet that it is a bad link.

1 Like
Reply
Victor Ungureanu

‎Sep 16 2016 01:54 AM

‎Sep 16 2016 01:54 AM

Re: Safe Links Advanced Threat protection.

As Brent said, you are redirected to a warning page only if, at the time when the link was clicked, the URL is considered suspect. If the link is not suspect, then there is no reason to alter the user experience.

 

Keep in mind that, for a specific link, the behavior might change depending on the point in time when the link was clicked and how it was evaluated by Microsoft at that specific time.

0 Likes
Reply
Robert Woods

‎Sep 16 2016 08:45 AM

‎Sep 16 2016 08:45 AM

Re: Safe Links Advanced Threat protection.

A way to report that the link should have been marked as suspect would be nice. Anything like that?

0 Likes
Reply
Eric Starker

‎Aug 02 2019 10:23 AM

‎Aug 02 2019 10:23 AM

Re: Safe Links Advanced Threat protection.

@Robert Woods I've removed the previous official response as it's out of date.

 

File the item under https://docs.microsoft.com/en-us/office365/securitycompliance/admin-submission and then get feedback there.

 

If that doesn't solve the issue, feel free to open a support ticket.

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by VI_Migration (Silver Contributor)
Brent Ellis

‎Sep 13 2016 08:25 AM

‎Sep 13 2016 08:25 AM

Solution

Re: Safe Links Advanced Threat protection.

ALL links are reformatted (using the safe links) -- unless you whitelist them.

 

There is nothing in the email itself that indicates that the link is good or bad.  It is only checked at the time the link is actually clicked.

 

Since it goes through to website, it just means Microsoft hasnt caught on yet that it is a bad link.

View solution in original post

1 Like
Reply