Safe Links: Frequently Asked Questions

This article includes frequently asked questions regarding Safe Links

What is Safe Links?

LIT has enabled Microsoft Advanced Threat Protection’s Safe Links feature. This is one component of Microsoft’s strategy for protecting users from account compromise, malware, and viruses. It will allow DoTS, using AI and manual intervention, to identify dangerous links in an email and block the recipient from getting to the web page. This will help minimize the spread of common phishing attempts and web site delivered malware.

How does Safe Links Work?

Safe Links identifies all links (URL’s) in an email and rewrites the links to direct them to a single Microsoft hosted website. When a link is clicked, Microsoft will compare the actual address with known bad addresses and analyze the site for malicious content. If the site is considered safe, the browser will be redirected to the original site. If the site is found to be malicious, the user will be directed to a web page stating the site has been blocked. (See below).   Safe Links works quickly behind the scenes to help improve safety. You do not have to do anything to take advantage of the service.


Safelinks Error message

With Safe Links Can I just Click on Any Link in an Email?

No, Safe Links provides an additional layer of protection, but no solution is 100% effective. You should still be cautious when clicking any link in an email.

Changes to links in email (URLs):

After links are rewritten by Safe Links, they will appear different. In HTML formatted email, hovering over the rewritten link will display “original URL” followed by the actual address.

In plain text email, you will see a long address that looks very different than the original URL. You will notice the term "safelinks" in the URL. The original address is everything between the “URL=” and “&data=” in the rewritten address. (%3A represents a colon, %F2 represents a forward slash.) 

See the highlighted section below as an example. You can also paste your link into this page to decode it: https://www.o365atp.com/


Safelinks URL


How Can I Report a Suspicious Email?

Selecting Report Message in Microsoft Outlook will allow you to report any email message as junk or phishing. When you report an email using the Report Message button, the message will be removed from your inbox and send it to Microsoft to help train our system to block similar email in the future. It will also send a copy to the helpdesk to help us better understand active phishing activity.

Report a Message in Outlook Add on

If you receive a phishing email and simply viewed the content, please report it using this feature. If you entered your username or password through a link in the email, or, if you opened and attempted to edit a Microsoft Office file attached to a suspicious email, please contact the helpdesk directly.




Keywords:Safe Links safelinks email URL   Doc ID:88008
Owner:Heidi C.Group:UW Stout
Created:2018-11-28 09:48 CDTUpdated:2020-03-09 15:28 CDT
Sites:UW Stout
Feedback:  0   0