Safe Links: Frequently Asked Questions
This article includes frequently asked questions regarding Safe Links
What is Safe Links?
LIT has enabled Microsoft Advanced Threat Protection’s Safe Links feature. This is one component of Microsoft’s strategy for protecting users from account compromise, malware, and viruses. Safe Links will allow LITS, using AI and manual intervention, to identify dangerous links in an email or Teams message and block the recipient from getting to the web page. This will help minimize the spread of common phishing attempts and web site delivered malware.
How does Safe Links Work?
Safe Links identifies all links (URL’s) in an email or Teams message and rewrites the links to direct them to a single Microsoft hosted website. When a link is clicked, Microsoft will compare the actual address with known bad addresses and analyze the site for malicious content. If the site is considered safe, the browser will be redirected to the original site. If the site is found to be malicious, the user will be directed to a web page stating the site has been blocked. (See below). Safe Links works quickly behind the scenes to help improve safety. You do not have to do anything to take advantage of the service.
With Safe Links Can I just Click on Any Link in an Email?
No, Safe Links provides an additional layer of protection, but no solution is 100% effective. You should still be cautious when clicking any link in an email.
Changes to links in email (URLs):
After links are rewritten by Safe Links, they will appear different. In HTML formatted email, hovering over the rewritten link will display “original URL” followed by the actual address.
In plain text email, you will see a long address that looks very different than the original URL. You will notice the term "safelinks" in the URL. The original address is everything between the “URL=” and “&data=” in the rewritten address. (%3A represents a colon, %F2 represents a forward slash.)
See the highlighted section below as an example. You can also paste your link into this page to decode it: https://www.o365atp.com/