Office 365 – Email Advanced Threat Protection (ATP)

Drexel IT has enabled Email Advanced Threat Protection (ATP) for all accounts that use the Office 365 cloud email service. ATP offers greatly improved spam and malicious software protection for your email account by scanning and testing all attachments for unsafe behavior and malicious code. In addition, ATP checks each message for links that might take you to a phishing or otherwise counterfeited web portal. All incoming messages will undergo both types of scan.

Note: For general information about Office 365 email at Drexel, see Office 365 Email Setup.

Safe Links

When a message contains a clickable image or text, the original address of the link will be replaced with a “safe link.” Safe links apply to ALL email sent to a Drexel mailbox, external or internal.

Safe links contain the string "safelinks.protection.outlook.com/" near the beginning of the URL, such as the example below:

Hovering over a link in email displays the safe link URL in Outlook's bottom bar. 

Safe links, whenever possible, will show you the original URL when you mouse over the link. If the original content cannot be displayed, it will show you the safe link that your browser will actually use if you click on the message. The original URL can also be viewed by copying the the safe link and then decoding it at o365atp.com.

Safe Attachments

When a message contains one or more attachments, the message will be delivered and ATP will begin scanning the attachments. You can read the message body immediately, but the attachments won't be completely available until the safety scan is complete. You may, however, preview attachments deemed "safe" before scanning is complete.

If you open a message immediately after it appears in your Inbox, you might see the attachments listed as being scanned, as shown here. (Opening the "ATP Scan In Progress" attachment shows a message that explains the attachment sent to you is still being scanned.)

Placeholder attachment that shows threat scan is in progress. 

Safe Attachment scans typically complete in under 2 minutes, but they could take longer for large attachments. To see if the scan is complete, close and re-open the message.

FAQ

If I mouse-over a link from a trusted source, why does it look like a weird address?

How do I forward a message or get the link with a Safe Link address?

I received an email with an attachment but it just says, “ATP Scan In Progress – Outlook Item” instead of the file I was expecting. Why?

Why is all incoming mail being scanned by ATP?

I clicked on a link in my email and it told me, “This website has been classified as malicious.” Why?