Information Technology Services
Information Technology Services

ATP Safe Links

Note: As of May 2018, ATP Safe Links applies to both internal and external emails.


What is ATP Safe Links?

ATP Safe Links is part of Microsoft Advanced Threat Protection (ATP). This feature rewrites every URL found in an incoming email in order to redirect users through a Microsoft proxy server which checks at the time of click if the URL is safe to view.

When a URL in an email or Microsoft Office Online document is clicked, Safe Links performs a scan to determine if the hyperlink is malicious. Safe Links also scans any documents available on that link at the time of click to prevent malicious file downloads to your system.  

If the link is determined to be safe to view, you will proceed as expected; if the link is determined to contain malicious content, your are redirected to a warning page instead. 

Only incoming links are rewritten. When a user writes an email to an external party, the URLs in that message are not rewritten.

What are the benefits of ATP Safe Links?

  • Because students, faculty, and staff at Queen's share many links while working on projects, Safe Links helps to prevent inadvertent access to malware through links and attachments. The solution is seamless from a user experience perspective, and the product is unobtrusive, working efficiently in the background.
  • While the content is being scanned, the URLs are rewritten to go through Office 365. The URLs are examined in real time, at the time a user clicks them. If a link is unsafe, the user is warned not to visit the site.
  • ATP provides the ability to manually block URLs. Phishing URLs in email messages do not normally contain malicious content, but have a malicious intent. This feature allows IT Services to manually block unwanted URLs to further protect the Queen's community from phishing emails.
  • ITS removes mass phishing messages from Queen's mailboxes - however this procedure does not protect users that forward their email outside of Office 365. ATP Safe Links continues to protect mail that is forwarded. When a link is blocked, it continues to be blocked even after being forwarded outside of Queen's mailboxes - providing better protection.
  • Reporting is available, so administrators can track which users clicked a phishing link and can warn them to change their password to prevent compromising their accounts.

What does ATP Safe Links look like? 

The hyperlink in every email that you receive will be rewritten and appear differently than they are currently displayed. Here is an example of a URL rewritten with ATP Safe Links 

The highlighted sections include: 

  1.  - the Microsoft ATP proxy server 
  2. ? – the destination web address, address ends just before &data= 
  3. – the email address of the recipient (your email address will only appear in emails within your own inbox)

When you click on one of these links and the webpage is deemed malicious, you will see a warning message that prompts you to navigate away from the site.

What do I do if I see a phishing email in my inbox?

When you see a suspicious email you can use the "Report Message Feature" in Outlook and Exchange Online (preferred method) or forward the message to this is a monitored email address. When IT Services identifies a URL that is malicious, they can put the URL in a block list.

What do I do if I am blocked from accessing a legitimate website?

Contact the IT Support Centre to report any false positives, a white list is available to help manage URLs that should not be scanned.

Last Updated: July 4, 2019