Advanced Threat Protection (ATP) is ruining

Bronze Contributor

About a week ago, I noticed that all URLs were suddenly extremely long/obscure, and beginning with something like:


It destroys the URL visibility experience.


I quickly realized that this was an Office 365 (E5) feature called ATP, but I'm not talking about Office 365 here but rather the consumer site.


I need to find out if we're going to be able to disable this, and when.


It's unbelievable that MS just foisted it on us, since it's not even in the vast majority of Office 365 plans!  I realize that some people have been seeing it longer than one week.

73 Replies
Exactly, Microsoft's Safe Link technology is plain simple a bad approach to phishing. Whoever thought this was a good idea is an imbe#@%@ and should not be put as a decision maker regarding mail security. This should be opt-in and with a fast and easy way to enable/disable.

This ATP facility has blocked EVERY link in my hotmail accounts. The only way around it is to remove from the Browser adddress the Microsoft ATP prefix code.....up to the HTTP://  point where your web address starts.   in other words, REMOVE ...


Hi,  Here might be the solution provided by Microsoft = this worked for me !!!


Run PSR....instructions below.....


As soon as I followed this instruction the problem went away :)


Outlook Support

February 18, 2018, 02:18 +0000

Hi Peter,

Thank you for sharing additional information regarding the issue. For us to isolate the issue, I would like to request for a screenshot and grab a PSR (Problem Screen Recorder) to investigate the issue further:

Here are the steps you can follow in getting the PSR:
1. On your keyboard, press “Windows Key” and “R” simultaneously. (Windows key is located on the lower left of your keyboard, in between of the Ctrl and Alt)
2. A pop-up will appear on your screen
3. Type "PSR" without quotation marks and hit enter
4. Click Start and reproduce the issue that you are facing with the on the browser
5. When done, click on stop record and save the log file to your desktop
6. Kindly attach the log file to this email before sending so that we investigate it for you.

I will wait for your response together with the PSR. Thank you!

Lichner D. – Support


See the solution described below by Peter Gorton, provided by Microsoft. PSR instructions given below.

How does capturing a PSR and sending it to support fix the issue with the ATP "safelinks"?  What problem of yours was solved?  

Please tell me how to contact them as I have tried every possible way I know and it always renders a chat option to which I click and the chat box just spins then gives same CV:xxx error code each time. This new way of changing my links has become horrid for my end users and clients as a simple www.mikesprotech. com link even in my email signature looks horrid not to mention as an IT Admin this is teaching users bad habits of simply trusting long links which resemble the ones Microsoft creates. Most people are not going to analyze the link closely enough nor may not know how or what all to look for.

If anything, Microsoft can examine the link and simply put a trust mark or something beside the ORIGINAL link rather than have an email with several links all garbled up looking not to mention how this service is going to affect links in emails which are stored in backups then accessed months/years later.


PLEASE PLEASE PLEASE give me a link or information on how to contact Microsoft to have this disabled.


Thanks for your sharing of information on the chat board. 

It is the most useful Ive found online so far.

Are you on Office 365? This is on the roadmap, and most likely coming to consumer Outlook also.

Removal of Safe Links Re-write for Outlook Client(s)

For users using Outlook, Safe Links will render the original URL and not show the re-written URL. This will enable users to view the original link that arrives in an email.

I’ve had my hotmail account for years and yes I have Office 365 Personal edition, I use Outlook 2016 when at PC but mainly apple mail on iPad and iPhone when on the go which is most of the time. I will try sending links from outlook and see if it does not change them, should it not change the links I suppose I’ll have to use outlook email client on my mobile devices yet I should not have to nor should this service be forced on me or any user which as I said earlier teaches users bad habits of trusting these long links which hackers will easily catch on and change one piece of the code then re direct users incorrectly. This is the worst move I’ve seen MS do in quite some time now.

 I did not notice these links changing till a month or two ago when a client I work with brought to my attention as I had sent him an email with several links to different products he had asked me to compare (I’m IT Admin for local law firm and own my own small IT ontract company).


After finding this article this weekend, I’ve tried to find a way to contact Microsoft and only get the chat option (no option to email them to request them to remove this).


Perhaps its due to the weekend and no one is answering their chat service which just opens the chat box, spins and then gives an error code “CV:xxx”. 


If anyone has a way I can contact MS as the lady in this post suggest, please let me know.


Otherwise i’ll Attempt to contact them during the week next week once again.

I'm reading that alot of people are upset about this change and well, yes it is a little harder to easily read the URL, but this is a really good thing people.  Microsoft is really attempting to protect its customers, for free, in the same way that other major (Gartner Magic Quadrant) vendors/providers are for a very high cost.  


If you'd like a quick and simple URL decoder, I've posted one here that I distributed to my work and posted to the Intranet for staff/employees to use.


Decode Safelinks: Link


Request: One thing I would like if some MS MVP or ATP guru could tell me, what does each of the tokens (Data and Pipes '|' like "02|01||cfad9384a1804ef230af08d593f8b95b|0662477dfa0c4556a8f5c3bc62aa0d9c|0|0|636577618830257637") in the parameter string mean.  Is this information useful to IT that would enable us to discern more about the URL provided?

It may be good if it worked consistently and correctly identified all malicious links, but it misses some so cannot be replied upon - That's why reading the URL is important to us who are complaining.

I want to turn this function off on all computer logons

@Peter Gorton UK wrote:
See the solution described below by Peter Gorton, provided by Microsoft. PSR instructions given below.

There is no link below.

Possible solution.....


1. On your keyboard, press “Windows Key” and “R” simultaneously. (Windows key is located on the lower left of your keyboard, in between of the Ctrl and Alt)
2. A pop-up will appear on your screen 
3. Type "PSR" without quotation marks and hit enter


This was all I needed to do for the problem to go away.


However, if the problem remains, 

4. Click Start and reproduce the issue that you are facing with the on the browser
5. When done, click on stop record and save the log file to your desktop
6. Kindly attach the log file to an email and send it to Outlook Support so they can investigate it for you.


Peter, you keep posting this information about using the PSR program to capture a log file and it has nothing to do with the issue we are all having.  Microsoft has replaced the links to external internet sites and documents with their "safe links" in all our received Outlook email messages and, because the new links are obscure, it makes it nearly impossible for us to see the original link so that we can make our own judgment as to whether the link is "safe" or not.  There is NOTHING to be gained by capturing some kind of log (and who do you suggest we send it to?).  Collecting a log WILL NOT fix the problem (as you imply with "This was all I needed to do for the problem to go away").  If you do not understand the problem and you don't understand that your "suggestion" is worthless, then please quit posting it.

Just Post the fix to this VERY BIG problem then. People here are desperately helping, trying things based upon the answers they perceive from phone support in order to share with the broader community.


If no resolution is posted it is taken as an answer that has no value.


Phoning in to support each single time is two hours, and a person scrambling to talk with others, hold time and a hang up. No call back. Not even a credit card from me to establish a Support Case number, resolution, remote assistance or follow up. 


You can see how frustrated we all are with Microsoft Support here and by phone.


Michael Leary

Sr. Systems Analyst

Microsoft Registered Partner since 1995

Thanks Peter for your contribution.

Since I have two premium paid msn accounts, several live and hotmail accounts, three gmail and one Yahoo all sub'd to the .edu Office365 account (outlook 2016) setup to get all email and then backed up weekly I am a power user for sure. My email is long in years and heavy in content and why as an IT admin since Dos 2.0 and a registered MS partner since 95 I have some stuff I just cannot lose continuity with.


This will take some time I assume. I am going to open a case and pay if necessary to see if I can get all of it changed. I turned off some stuff in Defender as well that may have been related to Cloud. There are other community posts 'Disable Defender Advanced Threat Protection' and another 'ATP safe links policies somehow applied to Hotmail now?'


This is largely hard for Outlook support to handle it seems and some very very angry customers. Some support people in Outlook support have no clue. I think that is why my 2 hour support calls get hung up.


It seems a permission on the cloud side that users cannot set to off. See the links for a Powershell Remove-SafeLinksPolicy...


Note. I also just received an email about the "Outlook Team [right] has enabled premium features for Office365 subscribers, including no ads and advanced email security."


I think I just got bit by the oh cr@p fairy. My Webroot has always surpased my wildest security concerns along with Spybot S&D and weekly Defender. 


Grey and Whitelisting takes up slack. I really can see why Edge, Chrome and IE are now so slow and choking my CPU's to make my laptops freeze. I hard shut down daily and save work every time I make change. It is insane.


Seems we are hostages.


More today. ...

Don't forget this "faux" link gives Microsoft the ability to insert a "Man-In-The-Middle" attack. Or in the very least, the ability to scan/read every mail. The Gov has always had this ability at the POP in DCs, that's one thing. However, we were not given a choice to have information circumvented to a private company.

They re activate this feature on my account.... AAAAAAAAAAaaaaaaaaaaa T-T

Maybe this time they will not spent 28 days to deactivate it

You are offering a decoder for links we shouldn't need to decode?

Here's my problem: The URL with "safelinks" in it doesn't tell me anything about the link. Is it a link to an adult site called cuddly kittens or a site featuring pictures of cats? I'll have no clue until I click because the URL has been replaced.

Other vendors that scan emails insert a message informing the reader it was scanned. If a malware is found the email is deleted and the message is replaced with one that states that. No obfuscation of links. Either you get it intact or you don't.