cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Safe Links - Report on users to have attempted to click on a malicious link

Antonio13286
New Contributor

‎Jul 04 2019 08:09 PM

‎Jul 04 2019 08:09 PM

Safe Links - Report on users to have attempted to click on a malicious link

Hi - How can I find out who has clicked on a link that was blocked?

 

There was an obvious spam email doing the rounds, and I'd like to know who has fallen for it?

 

Thanks

 

Labels:
6,404 Views
1 Like
6 Replies
Reply
6 Replies
Christopher Hoard

‎Jul 04 2019 09:45 PM

‎Jul 04 2019 09:45 PM

Re: Safe Links - Report on users to have attempted to click on a malicious link

Hi @Antonio13286,

You can use Get-UrlTrace

https://docs.microsoft.com/en-us/powershell/module/exchange/advanced-threat-protection/get-urltrace?...

As described in the article, this is designed to determine who clicked through to a malicious web site in the past 7 days. To note, it’s currently limited to 7 days

Hope that answers your question!

Best, Chris
0 Likes
Reply
Antonio13286

‎Jul 04 2019 11:53 PM

‎Jul 04 2019 11:53 PM

Re: Safe Links - Report on users to have attempted to click on a malicious link

Thanks Adam. I’ve had a look through the dashboards, but can’t find any reports that specifically list the users?
0 Likes
Reply
Antonio13286

‎Jul 04 2019 11:55 PM

‎Jul 04 2019 11:55 PM

Re: Safe Links - Report on users to have attempted to click on a malicious link

Thanks Chris, I’ve run that command, but still not getting the results. There’s some users whom I know got the blocking page, but they didn’t show up?
0 Likes
Reply
adam deltinger

‎Jul 05 2019 12:02 AM

‎Jul 05 2019 12:02 AM

Re: Safe Links - Report on users to have attempted to click on a malicious link

Be aware that this command only goes 7 days back!
1 Like
Reply
Christopher Hoard

‎Jul 05 2019 12:12 AM

‎Jul 05 2019 12:12 AM

Re: Safe Links - Report on users to have attempted to click on a malicious link

That’s right!

And if you have specific users you think clicked through have you tried the full command as shown in the example for particular users -

Get-UrlTrace -RecipientAddress "michelle@contoso.com" -StartDate "5/9/2016" -EndDate "5/11/2016"

Best, Chris
0 Likes
Reply