Safe Links Blocks forms.office

%3CLINGO-SUB%20id%3D%22lingo-sub-1259425%22%20slang%3D%22en-US%22%3ESafe%20Links%20Blocks%20forms.office%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1259425%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20guys%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKeep%20getting%20organization's%20users%20complaining%20about%20form.office%20being%20blocked%20by%20safe%20links.%20Thought%20this%20is%20suppose%20to%20be%20scanned%20and%20I%20doubt%20if%20there's%20any%20involvement%20such%20URLs%20are%20potential%20malicious%20URL.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EQuick%20option%20is%20to%20whitelist%2Fexempt%20forms.office%20URL.%20I%20do%20not%20think%20that's%20a%20good%20recommendation%20since%20some%20forms%20may%20be%20indeed%20malicious.%20I%20also%20thought%20reputation%20of%20emails%20are%20based%20on%20attributes%20such%20as%20sender%2C%20IP%20etc.%20which%20in%20this%20case%20is%20intra-org.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20suggestions%20with%20this%20new%20development%3F%20Thank%20you.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1259656%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20Blocks%20forms.office%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1259656%22%20slang%3D%22en-US%22%3E%3CP%3EReport%20the%20offending%20messages%20to%20Microsoft%2C%20so%20they%20can%20adjust%20their%20filters.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi guys,

 

Keep getting organization's users complaining about form.office being blocked by safe links. Thought this is suppose to be scanned and I doubt if there's any involvement such URLs are potential malicious URL.

 

Quick option is to whitelist/exempt forms.office URL. I do not think that's a good recommendation since some forms may be indeed malicious. I also thought reputation of emails are based on attributes such as sender, IP etc. which in this case is intra-org.

 

Any suggestions with this new development? Thank you.

5 Replies

Report the offending messages to Microsoft, so they can adjust their filters.

Thanks so much @Vasil Michev,

That has been done, through submission of the URL not to be blocked. However, just wondering why the filter decided to flag newly created forms or probably flagged the URL domain (*forms.office.com*). Plus, the message (email) wasn't flagged phishing until the safe links blocked access to the URL (forms).

@OlaOwolabi We have the same here. Where do you whiteliste and more important, where to report this URL to Microsoft?

 

Thx in advance!

Hi @chrisd303 

 

User can report email as phishing. Alternatively, admin can report URL or email phishing / malware (or Not-Phishing) through the Microsoft SCC portal > Threat Management > Submissions.

 

Though not recommended, to whitelist URL - check out below Microsoft doc / Section (look out for Do not rewrite the following URLs);

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-links-po...

 

 

@OlaOwolabi 

 

Thx for your prompt feedback. Gone for the whitelist as a quick fix and also submitted to MS in SCC. Great support!