Office 365 Advanced Threat Protection Safe Links

Office 365 Advanced Threat Protection Safe Links

Safe Links is a part of Advanced Threat Protection from Office 365 that provides time-of-click verification to an URL.

This feature helps you rewrite every URL found in an coming email in order to redirect users through a Microsoft proxy server which checks when clicking in the link to validate if the URL is safe or not.

When an URL in an email or Microsoft Office Online document is clicked, Safe Links runs a scan to determine if the hyperlink is malicious. Safe Links also scans any documents available on that link at the time of click to prevent malicious file downloads to your system.

The hyperlink will look like the following:

Office 365 ATP Safe Links

If the link is determined to be safe, you will proceed as expected; if the link is determined to contain malicious content, you are redirected to a warning page instead, and then, the block page would look similar to the image below:

Office 365 ATP Safe Links

If you want to learn more about how ATP Safe Links works, click here.

What Type of License do you need? 

First, make sure your subscription includes Office 365 Advanced Threat Protection Plan 1 or Plan 2.
Office 365 ATP is included in subscriptions, such as Microsoft 365 Enterprise E5, Microsoft 365 Business Premium, Office 365 Enterprise E5, and Office 365 Education A5. If your organization has a Microsoft 365 subscription that does not include Office 365 ATP, you can potentially purchase ATP as an add-on.

For more information, see the following resources:

How to Set Up Office 365 ATP Safe Links Policies?

For you to get started with your ATP safe links set up, make sure you have the necessary permissions to define (or Edit) ATP Policies, Office 365 global administrators or security administrators, have all permissions and privileges, security readers can view reports for Advanced Threat Protection.

The information in these reports can help your security team take further steps to protect your organization or research security incidents.

  • After that, with the appropriate account, go to and sign in with your work or school account. In the left navigation menu, go under Threat management, select Policy > ATP Safe Links.


  • Go to the policies section and select Default, and then click in Edit (the Edit button resembles a pencil).
  • Then block the following URLs section, specify one or more URLs that you want to prevent people in your organization from visiting.. At first, you might not have any URLs listed there.

For more information about how to Set up a custom blocked URLs list using ATP Safe Links, click here.Settings that apply to content except

  • Then go under the Settings that apply to content except email section, and select (or clear) the options you want to use. (We recommend that you select all the options.)
  • And then click Save

After you have reviewed (or edited) the default ATP Safe Links policy that applies to everyone, your next step is to define additional policies that would apply to all or specific email recipients. For example, you can specify exceptions to your default policy by defining an additional policy or create more granular restrictions for all employees.

  • Then go to In the left navigation menu, and under Threat management, select Policy. Then click Safe Links.
  • In the policies that apply to specific recipients section, choose New (the New button resembles a plus sign ( +)).

policies that apply to specific recipients

I hope you found useful all the information I’ve shared in today’s blog post about Office 365 Advanced Threat Protection Safe Links. If you’d like to learn more about specific policies, you can click here.

In the meantime if there is any other question you may have, or you’d like to connect with our specialists, you can reach out to us at




More Posts


Connect with us