Windows Advanced Threat Protection allows admins to set link filters for email messages and attachments in Outlook. Credit: Microsoft A key recommendation to ensure a secure Office 365 implementation is to scan your Outlook implementation to check for malicious links using Office 365 ATP Safe links and Office 365 ATP safe attachments. Before a user clicks on a link, the URL is rewritten to be scanned first by Microsoft scanning filters.You might have already seen this in action if you use Outlook.com or Hotmail. Office 365 allows you to enable this feature as well. ATP Safe Links features are part of Advanced Threat Protection, which is included in Office 365 Enterprise E5, Microsoft 365 Business and Microsoft 365 Enterprise. You can add protection to other 365 plans for a minimal fee.To set up a policy to explicitly block a URL for everyone in the firm, first sign in with your admin account. In the left navigation under “Threat management”, choose “Policy”. MicrosoftSetting up the ATP policiesYou can now review the policies set in both ATP Safe Attachments and ATP Safe Links. MicrosoftATP Safe Attachments and ATP Safe LinksStarting with ATP Safe Attachments, enable ATP for all the platforms you have defaults for. In this example of a Microsoft 365 E5 deployment, you will want to turn on ATP for SharePoint, OneDrive and Teams by checking the box in the implementation. MicrosoftDefault checkbox to enable protection of filesTo enable a policy for email attachments, click the “+” to add a new policy item. You can then choose to monitor, block or replace the message as you see fit. MicrosoftSetting up policy to blockHow email link filtering works in Office 365Email link filtering in Microsoft Office 365 occurs when the system is set to scan and rewrite URLs in email. This ensures that they are sent through a phishing filter first before the user is allowed to click on a link. You have probably seen the result of this process when someone resends an email and the URL links include an embedded reference to an Outlook web link.For example, rather than seeing or clicking on the link www.malciouslinks.com, you will instead see: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.maliciouslinks.com&data=02%7C01%7CSusantest%40 smallbusinesssusan.onmicrosoft.com%7C3fd031c8ec4a4e5925e908d6617f1a3c% 7C03ad8656b0e749b9a21f95b0cf1efeb4%7C1%7C0%7C636803595870882059& sdata=eXmZIWg2xY53VqgzzoA4uk0G7pEYfcHRPtTp%2FT8Mg14%3D&reserved=0 While this resulting URL might look suspicious, what the system is doing is sending the URL through a spam filtering service first and allowing you, the administrator, to know which user clicked on the link.To set up email link filtering, click on ATP Safe Links. Scroll down to “Policies that apply to specific recipients”. Click the”+” to set up a policy. Choose the sections to enable the scanning of links in emails. MicrosoftSet up the URL filtering policyIn my sample setup, I am choosing to have this apply to the entire domain. MicrosoftSetting up the entire domainChoose “Save”.Now when someone sends you an email with a link in it, the email content will be scanned to ensure it does not contain malicious content. The URL will be automatically rewritten to ensure that it is scanned and you can review the action that was taken on the emails. In my sample, you can see that some emails in our testing have been delivered, and some with the most malicious of attachments were blocked. MicrosoftSample alerts on actions taken in mailboxWith this information the administrator can take action as needed to protect the end user. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe