Email Safe Links and Safe Attachments

What is this?

Office 365 ATP Safe Links along with Office 365 ATP Safe Attachments are a set of security features offered as part of Office 365 Advanced Threat Protection for enterprise organizations.

Safe Links can help protect your organization by providing time-of-click verification of web addresses (URLs) in email messages and Office documents
Safe Attachments checks to see if email attachments are malicious, and then takes action to protect your organization. 

 

How ATP Safe Links works with URLs in email

At a high level, here's how ATP Safe Links protection works for URLs in email (hosted in Office 365, not on-premises):

  1. People receive email messages, some of which contain URLs.

  2. All email goes through Exchange Online Protection, where internet protocol (IP) and envelope filters, signature-based malware protection, anti-spam and anti-malware filters are applied.

  3. Email arrives in people's inboxes.

  4. A user signs in to Office 365, and goes to their email inbox.

  5. The user opens an email message, and clicks on a URL in the email message.

  6. The ATP Safe Links feature immediately checks the URL before opening the website. The URL is identified as blocked, malicious, or safe.

    • If the URL is to a website that is included in a custom "Do not rewrite" URLs list for a policy that applies to the user, the website opens.

    • If the URL is to a website that is included in the organization's custom blocked URLs list, a warning page opens.

    • If the URL is to a website that has been determined to be malicious, a warning page opens.

    • If the URL goes to a downloadable file and your organization's ATP Safe Links policies are configured to scan such content, the downloadable file is checked.

    • If the URL is determined to be safe, the website opens.

How ATP Safe Links works with URLs in Office documents

At a high level, here's how ATP Safe Links protection works for URLs in Office 365 ProPlus applications (current versions of Word, Excel, and PowerPoint on Windows or Mac, Office apps on iOS or Android devices, Visio on Windows, OneNote Online, and Office Online):

  1. People have installed Office 365 ProPlus on their computer, smartphone, or tablet. (Or, they are using Office Online in their browser.)

  2. A user opens a Word, Excel, PowerPoint, or Visio, and signs in to Office 365 Enterprise using their work or school account. The document contains URLs.

  3. When the user clicks on a URL in the document, the link is checked by the ATP Safe Links service.

  • If the URL is to a website that is included in a custom "Do not rewrite" URLs list for a policy that applies to the user, that user is taken to the website.

  • If the URL is to a website that is included in the organization's custom blocked URLs list, the user is taken to a warning page.

  • If the URL is to a website that has been determined to be malicious, the user is taken to a warning page.

  • If the URL goes to a downloadable file and the ATP Safe Links policies are configured to scan such downloads, the downloadable file is checked.

  • If the URL is considered safe, the user is taken to the website.

 

 

How ATP Safe Attachments works in email and Sharepoint/OneDrive

The ATP Safe Attachments feature checks email attachments for people in your organization. When an ATP Safe Attachments policy is in place and someone covered by that policy views their email in Office 365, their email attachments are checked and appropriate actions are taken, based on your ATP Safe Attachments policies. Depending on how your policies are defined, people can continue working without ever knowing they were sent malicious files.

Here are two examples of ATP Safe Attachments at work.

  • Example 1: Email attachment Suppose that Lee receives an email message that has an attachment. It is not obvious to Lee whether that attachment is safe or actually contains malware designed to steal Lee's user credentials. In Lee's organization, a security administrator defined an ATP Safe Attachments policy a few days ago. With the ATP Safe Attachments feature, the email attachment is opened and tested in a virtual environment before Lee receives it. If the attachment is determined to be malicious, it will be removed automatically. If the attachment is safe, it will open as expected when Lee clicks on it.

  • Example 2: File in SharePoint Online Suppose that Jean received a file and uploaded it into a library in SharePoint Online. Jean shares the link to the file with the rest of the team, not knowing that the file is actually malicious. Fortunately, ATP for SharePoint, OneDrive, and Microsoft Teams detects the malicious file and blocks it. A few days later, Chris goes to open the document. Although Chris can see the file is there, Chris cannot open or share it, which prevents Chris's computer and others from the malicious file.

 

 

https://docs.microsoft.com/en-us/office365/securitycompliance/atp-safe-links

 

 

 

Details

Article ID: 68065
Created
Mon 12/3/18 11:21 AM
Modified
Thu 4/21/22 5:13 PM