Office 365 Documentation

LSU Health - Office 365 - Safe Links
 

Contents

Introduction
How do Safe Links Work?
What do Safe Links Do?
Cautions

 

Introduction

We have implemented a new solution from Microsoft called Advanced Threat Protection (ATP) Safe Links to protect our users from malicious links received by email.  Safe Links re-writes links in your email message so that protection can be applied when you click the link.   If a link is deemed harmful, it will block access to that link.  This feature will protect users even if they are accessing the links from their mobile devices or when they are off of the LSUHSC network.

How do Safe Links Work?

For many email messages, you won't immediately notice any changes.  The browser links will look like they normally do.  But if you hover your mouse over the link, you will see the address now points you to a safelinks.protection.outlook.com address. 

www.google.com

If messages are sent in Plain Text format, the full link will be shown in the message.

https://na01.safelinks.protection.outlook.com/?url=www.google.com&data=02%7C01%7CADoskey%40lsuhsc
.edu%7C65c0fb9f085747b6d44b08d643fefcde%7C3406368982d44e89a3281ab79cc58d9d%7C0%7C0%7C636771159764551123&sdata=kEHcCCMedhMv%2BNas0C2oeaXqkzFXZdCJeckYK8HWcBU%3D&reserved=0

Note: We have higlighted above to show the SafeLinks portion at the beginning of the link (in green), and the destination domain (in yellow).  Please pay attention to links before you click, and ask your local supporter or Postmaster for assistance if you are suspicious or want to confirm a link before you click. 

Note: ATP Safe Links will not rewrite links for our own domains: lsuhsc.edu and lsuh.sc

 

What do Safe Links Do?

If Microsoft or LSUHSC find a link to be malicious, we can block users from getting to that link.  Even if the link is harmless when the message is first sent, a malicious agent could change the destination to contain harmful content (such as a login page to steal your credentials).  By using a Proxy address, the original link is checked at the time the user clicks it, to determine if anyone has reported it as suspicious.

If a link has been determined to be harmful, you will see one of the following messages:

If blocked by Microsoft:

  • Safe Link bliocked by MSFT

If blocked by LSUHSC:

  • Safe Link blocked by LSUHSC
     

Cautions

Remember to only click links in messages sent by a reliable and verified source.  If the sender's email address looks suspicious, or the message itself doesn't look right, don't click the link without checking with your local computer supporter, or Postmaster.  Safe Links provides extra protection, but does not guarantee that all links are safe.

If you ever click on a link, and it takes you to anything suspicious, close the browser and follow appropriate procedures.  Click the link below for associated compliance documentation:
https://intranet.lsuhsc.edu/admin/ocp/training_requirements.aspx#HIPAA Security

Safe Links will only re-write links for messages sent to users in a Safe Links policy.  If you compose an email to an external user that contains an ordinary link, it will not rewrite the link unless their organization is also using Safe Links.  However, if you forward an email that contains a re-written safe link, it will send that same link through to your recipient.  These re-written links are available to anyone who gets them - so any links you send people should work for them whether they are re-written or not.