ATP analyzes incoming email, and blocks malware and unsafe links. If a link is found to lead to a malicious web site, a warning will be displayed instead of the website. Malware attachments are removed but the message is still delivered.
Links embedded in the body of an email will be rewritten as a "safelink." The appearance of the link may vary: Plaintext URLs will be rewritten with a Safe Links wrapper and will clearly show as rewritten; For html links, the link text will be untouched even though the underlying link is also rewritten.
ATP Safe Links
ATP Safe Links rewrites the URL links in emails so that when you click on it, Microsoft’s servers direct you to a holding page where the URL is checked against a reputation database. This can be seen in Figure 1 below where the URL has been rewritten to start with “na01.safelinks.protection.outlook.com”.
Figure 1
Native Link Rendering
Microsoft is also rolling out native link rendering, which will show the original URL preceded by “Protected by Safe Links:” (Figure 2).
Figure 2
Warning Page Protection
If the URL is in the database you will see a warning page similar to the one in figure 3 and you will be blocked from accessing the site. If the URL is not in the database you will be redirected to the actual URL.
Figure 3
ATP Safe Attachments and Files
ATP safe attachments and files scans attachments and files in emails, SharePoint, and OneDrive for malware, viruses, and zero day exploits. If a file is found to be malicious the email is delivered without the attachment and a message noting that the attachment has been removed is appended to the email.
If an attachment is taking longer than normal to scan ATP will deliver the email without the attachment and the following message will be appended next to the attachment icon “ATP Scan In Progress” (see Figure 4). Once the attachment is deemed safe it will then show as a normal attachment on the email.
Figure 4
It’s important to note that while ATP is another layer of protection it is not perfect, and users should still exercise caution when clicking on links and opening files in emails, SharePoint, and One Drive.
Questions?
If you have any questions or require assistance, please submit a support ticket.