Microsoft Secure Tech Accelerator
Apr 13 2023, 07:00 AM - 12:00 PM (PDT)
Microsoft Tech Community

Advanced Delivery - can't see URL clicks


We have used Advanced Delivery for a few phishing simulations and it is nice to have all the components in one place. We used to whitelist the URLs in Exchange so they were not blocked by ATP. Now that we are using Advanced Delivery, I can't see the employees that clicked the URL link from the email anymore. I used to be able to see this when it was whitelisted in Exchange. I have a ticket open with Microsoft but it has been 2 weeks and no answers so far. Is anyone else having this issue or can you see the URL clicks for whitelisted URLs? Is this by design with this new feature?

4 Replies
I heard back from Support. They said I need to whitelist the URL in safe links and Advanced Delivery or just safe links in order to see the clicks. The click will not register if only listed in Advanced Delivery.
Hey, I am also working on getting the data of UrlClickedEvents. But I am unable to fetch the data
Is there any configuration for getting the data or can you please define the flow of getting this schema data
Thanks in advance!
What is the error when you try to fetch the data? I would recommend ensuring you have the proper AAD permissions assigned so you can see the data, and also review the article here (which has a sample query):

With the proper permissions, the KQL query that is listed within this article is a good starting place for reviewing the "UrlClickEvents" data within the schema. Remember though, you will only have 30 days of data available as that is all that would be retained.
Error code while fetching data via Api is 401. I am using E5 trail account of office 365 and also i am unable to get the data via UI. Is there any other permissions i am unaware. Can you please walk through the permissions needed.
Also I think when any malware url is clicked in the specified email then this schema is invoked. So, tried it too but unable to fetch it.