Office 365 - ATP Safe Links


  1. Login to Microsoft 365 admin center.

  2. In the menu on the left hand side, click on ...Show all then Security > Policies & Rules > Threat Policies > Safe Links

  3. Click on the + Create 
         
  4. Specify the name, description, and settings for your policy.
     
     
    • In the Name box, enter a suitable name - e.g.
      SafeTitan ATP Safe Links Policy.


    • In the Description box, type a description - e.g. 
      Excludes SafeTitan domains from being rewritten by ATP.
       


  5. Click the Next button.
      
  6. One the following Users and domains screen, please enter the names of the recipient domains (your domains) into the highlighted Domains text entry box and press enter for each to add as below.

    In our example, we are only using two domains for all our users, so we have just added e-message.com 
    and  e-citrix.com

    Note: If you are sending Phishing campaigns to additional domains - i.e. yourdomain(s).com, then please add those here also.

     
  7. On the following screen - click the arrowed items below.

    - On - URLs will be rewritten and checked against a list of known malicious links when user clicks on the link. 



Then enter each of the following URLs into the Do not rewrite the following URLs, and click the Add button to add each one.


  • e-messsage.com
  • emesssages.com
  • e-citrix.com
  • ecompliants.com
  • e-compliants.com
  • e-faax.com
  • eonline-shopping.com
  • e-outlook-online.com
  • e-owa.com
  • evpnn.com
  • e-vpnn.com
  • orders-processed.com
  • storage-limit.com
  • docusine.com
  • barclaysbanksonline.co.uk
  • docs-google.com
  • it-admingroup.com
  • it-companyadmin.com
  • it-securegroup.com
  • it-securemail.com
  • bitliy.co
  • order-processed.com
  • corp-benefits-online.com
  • advanced-documents.com
  • delivery-details.com
  • it-communications.com
  • keeper-secure.com



8.    When you are finished adding all the above URLs, click on the Next button.

On the Notification settings screen, you do not want to notify or alert users at this point (as this is a test mock phishing campaign) so check the Use Custom Notification text option and leave it blank as below.


Click the Next button and you will see a summary of your changes.

Please check these are correct, and click submit:



You have now completed this step.