ATP safe links in Office 365

ATP safe links (along with ATP safe attachments) is a set of security features offered as part of Office 365 Advanced Threat Protection. ATP safe links can help protect your organization according to policies that are set by your Office 365 security administrators. Policies are set for specific people or groups, or for the entire organization. ATP safe links protection can apply to hyperlinks in email and hyperlinks in Office documents, such as Word, Excel, PowerPoint, and Visio files on Windows. To learn more, see Set up ATP safe links policies in Office 365.

Important: The ATP safe links features are only available in Advanced Threat Protection, available with Office 365 Enterprise E5. If your organization is using another Office 365 Enterprise subscription, Advanced Threat Protection can be purchased as an add-on. (As a global admin, in the Office 365 admin center, choose Billing > Add subscriptions.) For more information about plan options, see Compare All Office 365 for Business Plans. Make sure your organization is using the latest version of Office 365 ProPlus on Windows to take advantage of the extended ATP safe links features.

In this article:

How the ATP safe links feature works

As part of the Office 365 security stack, the ATP safe links feature helps prevent exposure to emerging threats. ATP safe links protection can be defined for email and for Office 365 ProPlus files (Word, Excel, PowerPoint, and Visio documents) on Windows devices.

ATP safe links in email

ATP safe links in Office documents

At a high level, here's how ATP safe links protection works for hyperlinks in email (hosted in Office 365):

  1. People receive email messages that contain hyperlinks.

  2. All email goes through Exchange Online Protection, where IP and envelope filters, signature-based malware protection, anti-spam and anti-malware filters are applied.

  3. Email arrives in people's inboxes.

  4. A user signs in to Office 365, and goes to their email inbox.

  5. The user opens an email message, and then clicks on a hyperlink in the email message.

  6. The ATP safe links feature immediately checks the link before opening the website. The link is identified as blocked, malicious, or safe.

    • If the link is to a website that is included in a custom "Do not rewrite" URLs list for a policy that applies to the user, that user is taken to the website.

    • If the link is to a website that is included in the organization's custom blocked URLs list, the user is taken to a warning page.

    • If the link is to a website that has been determined to be malicious, the user is taken to a warning page.

    • If the link goes to a downloadable file and ATP safe links policies are configured to scan such content, the downloadable file is checked.

    • If the link is determined to be safe, the user goes to the website.

At a high level, here's how ATP safe links protection works for hyperlinks in Office applications (Word, Excel, PowerPoint, and Visio) on Windows:

  1. People have installed Office 365 ProPlus on their computers running Windows.

  2. A user opens a Word, Excel, PowerPoint, or Visio, and signs in to Office 365 Enterprise using their work or school account. The document contains hyperlinks.

  3. When the user clicks on a hyperlink in the document, the link is checked by the ATP safe links service.

    • If the link is to a website that is included in a custom "Do not rewrite" URLs list for a policy that applies to the user, that user is taken to the website.

    • If the link is to a website that is included in the organization's custom blocked URLs list, the user is taken to a warning page.

    • If the link is to a website that has been determined to be malicious, the user is taken to a warning page.

    • If the link goes to a downloadable file and the ATP safe links policies are configured to scan such downloads, the downloadable file is checked.

    • If the link is considered safe, the user is taken to the website.

Office 365 global administrators, security administrators, and security analysts can view reports for Advanced Threat Protection in the Office 365 Security & Compliance Center dashboard. The information in those can help your security team take further steps to protect your organization or research security incidents.

How do we get ATP safe links protection?

The ATP safe links feature is part of Advanced Threat Protection, which is included in Office 365 Enterprise E5. Advanced Threat Protection can also be purchased as an add-on to Office 365 Enterprise E1 or Office 365 Enterprise E3. For more information about plan options, see Compare All Office 365 for Business Plans

The ATP safe links feature applies when:

How do we know if ATP safe links protection is in place?

ATP safe links policies determine whether protection applies to hyperlinks in email messages or Office documents. The following table describes some example scenarios. In all of these cases, we assume the organization has Office 365 Enterprise E5, which includes Advanced Threat Protection.

Example scenario

Does ATP safe links protection apply in this case?

Jean is a member of a group that has ATP safe links policies covering hyperlinks in email and Office documents. Jean opens a PowerPoint presentation that someone sent and then clicks a hyperlink in the presentation.

Yes. The ATP safe links policies that are defined apply to Jean's group, Jean's email, and Word, Excel, PowerPoint, or Visio documents that Jean opens.

In Chris's organization, no global or security administrators have defined any ATP safe links policies yet. Chris receives an email that contains a hyperlink to a malicious website. Chris is unaware the link is malicious and clicks the link.

Yes. A default policy is in place that covers hyperlinks for everyone in the organization.

In Pat's organization, no global or security administrators have defined or edited any ATP safe links policies yet. Pat opens a Word document and clicks a link in the file.

No. The default policy that applies to the entire organization does not include Word, Excel, PowerPoint, or Visio files unless and until a global or security administrator configures policies that include Office documents. See Set up ATP safe links policies in Office 365.

Lee's organization has a ATP safe links policy that has http://tailspintoys.com listed as a blocked website. Lee receives an email message that contains a link to http://tailspintoys.com/aboutus/trythispage. Lee clicks the link.

It depends on whether the entire site and all its subpages are included in the list of blocked URLs. See Set up a custom blocked URLs list using ATP safe links.

You can view information about how ATP safe links protection is working for your organization by viewing reports for Advanced Threat Protection.

Related topics

Office 365 Advanced Threat Protection
Set up ATP safe links policies in Office 365
ATP safe attachments in Office 365
Set up ATP safe attachments policies in Office 365
View the reports for Advanced Threat Protection
View the reports for Exchange Online Protection

Connect with an expert
Contact us
Expand your skills
Explore training

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×