In a continued effort to protect Harrisburg University users, OIS has rolled out a feature within the University’s e-mail security system called Microsoft Advanced Threat Protection (ATP) Safe Links.
ATP Safe Links scans incoming e-mail for known malicious hyperlinks and for attachments containing malware. This feature rewrites scanned URLs to Microsoft’s standard URL format prefix https://nam01.safelinks.protection.outlook.com. Once a link is rewritten, it is analyzed for any potential malicious content. If categorized as malicious you will be redirected to a block page upon accessing the link in your browser. ATP Safe Links works behind-the-scenes, which means you do not need to do anything to activate or take advantage of the system.
- If the URL is determined to be safe, the website automatically opens.
- If the URL is determined to be suspicious or malicious, a warning page opens, alerting the user to the potential threat.
What does ATP Safe Links look like?
The hyperlink in email that you receive may be rewritten and appear differently than they are currently displayed. Here is an example of a URL rewritten with ATP Safe Links. While it is not required, you can always decode a safe link at https://www.o365atp.com/.
If you click on one of these links and the webpage is deemed malicious, you will see a warning message that prompts you to navigate away from the site.
If you receive Plain-Text e-mails
When ATP Safe Links detects a hyperlink in a plain-text e-mail (non-HTML), it will rewrite the URL in plain text. In this case, you will see the rewritten URL directly in the body of the e-mail. E-mails with HTML or rich text are most common, so Plain-Text rewrites will occur infrequently.
By hovering over the safe link URL you will see the original URL. Please pay attention to the URL listed when hovering, this will be the actual URL you will be visiting.
What if I am blocked from accessing a legitimate website?
Please open a support request to report any false positives, a white list is available to help manage URLs that should not be scanned.