cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Advanced Delivery - can't see URL clicks

Michelle Proper
Brass Contributor

‎Jan 19 2022 03:39 PM

‎Jan 19 2022 03:39 PM

Advanced Delivery - can't see URL clicks

We have used Advanced Delivery for a few phishing simulations and it is nice to have all the components in one place. We used to whitelist the URLs in Exchange so they were not blocked by ATP. Now that we are using Advanced Delivery, I can't see the employees that clicked the URL link from the email anymore. I used to be able to see this when it was whitelisted in Exchange. I have a ticket open with Microsoft but it has been 2 weeks and no answers so far. Is anyone else having this issue or can you see the URL clicks for whitelisted URLs? Is this by design with this new feature?

2,560 Views
0 Likes
4 Replies
Reply
4 Replies
Michelle Proper

‎Feb 10 2022 03:42 PM

‎Feb 10 2022 03:42 PM

Re: Advanced Delivery - can't see URL clicks

I heard back from Support. They said I need to whitelist the URL in safe links and Advanced Delivery or just safe links in order to see the clicks. The click will not register if only listed in Advanced Delivery.
0 Likes
Reply
king-02

‎Nov 16 2022 04:21 AM

‎Nov 16 2022 04:21 AM

Re: Advanced Delivery - can't see URL clicks

Hey, I am also working on getting the data of UrlClickedEvents. But I am unable to fetch the data
Is there any configuration for getting the data or can you please define the flow of getting this schema data
Thanks in advance!
0 Likes
Reply
adamfarage

‎Nov 16 2022 08:51 AM

‎Nov 16 2022 08:51 AM

Re: Advanced Delivery - can't see URL clicks

What is the error when you try to fetch the data? I would recommend ensuring you have the proper AAD permissions assigned so you can see the data, and also review the article here (which has a sample query): https://learn.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-urlclickevents-ta...

With the proper permissions, the KQL query that is listed within this article is a good starting place for reviewing the "UrlClickEvents" data within the schema. Remember though, you will only have 30 days of data available as that is all that would be retained.
0 Likes
Reply
king-02

‎Nov 16 2022 09:01 PM

‎Nov 16 2022 09:01 PM

Re: Advanced Delivery - can't see URL clicks

Error code while fetching data via Api is 401. I am using E5 trail account of office 365 and also i am unable to get the data via UI. Is there any other permissions i am unaware. Can you please walk through the permissions needed.
Also I think when any malware url is clicked in the specified email then this schema is invoked. So, tried it too but unable to fetch it.
0 Likes
Reply