ITS

Information Technology Services
Information Technology Services

Link Scanning

What is Link Scanning?  

Link Scanning is part of Microsoft Advanced Threat Protection (ATP). This feature rewrites every URL found in an email in order to redirect users through a Microsoft proxy server which checks at the time of click if the URL is safe to view.

When a URL in an email or Microsoft Office Online document is clicked, Link Scanning performs a scan to determine if the hyperlink is malicious. Link Scanning also scans any documents available on that link at the time of click to prevent malicious file downloads to your system.  

If the link is determined to be safe to view, you will proceed as expected; if the link is determined to contain malicious content, your are redirected to a warning page instead.  

Note: Link Scanning only rewrites links in emails from sources outside of Queen's University; Link Scanning does not currently protect internal emails.  

 

What are the benefits of Link Scanning?

Because students, faculty, and staff at Queen's share many links while working on projects, Link Scanning helps to prevent inadvertent access to malware through links and attachments. The solution is seamless from a user experience perspective, and the product is unobtrusive, working efficiently in the background.

While the content is being scanned, the URLs are rewritten to go through Office 365. The URLs are examined in real time, at the time a user clicks them. If a link is unsafe, the user is warned not to visit the site or informed that the site has been blocked. Reporting is available, so administrators can track which users clicked a malicious link and when they clicked it.

 

What does Link Scanning look like? 

The hyperlink in every email that you receive will be rewritten and appear differently than they are currently displayed. Here is an example of a URL rewritten with ATP Link Scanning: 

https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fci.office.net%2Fapi%2Femailcount%3Flid%3D1a44b413-1866-4cda-9a96-2bf58474a914%26tid%3D51d75f6a-dc1b-4263-9b42-62614f399eb8&data=02%7C01%7CNETID%40queensu.ca%7C3a749337155a4e4f0df108d4a139fcd7%7Cd61ecb3b38b142d582c4efb2838b925c%7C1%7C0%7C636310717800979766&sdata=0Od9u%2FR3RMtozlIWDcX8WCDVJHg1B7CW0Y7B1niBbok%3D&reserved=0 

The highlighted sections include: 

  1. na01.safelinks.protection.outlook.com/  - the Microsoft ATP proxy server 
  2. ?url=http%3A%2F%2Fci.office.net%2Fapi%2Femailcount – the destination web address, address ends just before &data= 
  3. NETID%40queensu.ca – the email address of the recipient (your email address will only appear in emails within your own inbox)

When you click on one of these links and the webpage is deemed malicious, you will see a warning message that prompts you to navigate away from the site:

ATP example of a malicious link warning

 

 

Last Updated: July 13, 2017

Tags: