Advanced Threat Protection (ATP) Whilelist - add wildcard support and/or extend the 320 character limit
Advanced Threat Protection (ATP) Safe Links whitelist currently has a 320 character limit, and does not allow wildecards.
Please either turn on wildcards for the urls or expand the 320 character limit to something much larger.
13 comments
-
Al Douglas commented
This should be completed.
https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-atp-safe-links-policies
Do not rewrite the following URLs
Leaves URLs as they are. Keeps a custom list of safe URLs that don't need scanning for a specific group of email recipients in your organization. See Set up a custom "Do not rewrite" URLs list using ATP Safe Links for more details, including recent changes to support for wildcard asterisks -
Chad Hancock commented
Need wildcard support please!
-
Al Douglas commented
Hi all. Worth noting that Wildcards are now allowed (See https://support.office.com/en-us/article/Set-up-a-custom-do-not-rewrite-URLs-list-using-Office-365-ATP-safe-links-35dbfd99-da5a-422b-9b0e-c6caf3b645fa), and ETR's can also be used to prevent links from being re-written by the addition of a specific header (but only by the tenant administrator). Support can assist with these if required
-
Support commented
https://support.office.com/en-us/article/Set-up-a-custom-do-not-rewrite-URLs-list-using-ATP-safe-links-35dbfd99-da5a-422b-9b0e-c6caf3b645fa
this article is misleading
Post feature is available we shd have published . -
Michael Eastman commented
One example that we are facing -- we'd LOVE to have ATP scan all our links -- but we cannot. Some of our customers and suppliers links break when they are run through ATP.... which means we need to whitelist with a wildcard their URLs. The alternative is to entirely turn OFF ATP... which defeats the purpose.
Wildcard support!
-
Rein commented
Just to understand why you all want this feature so badly. Why would you not have ATP scan all your links? What would be the very specific reason to white list, say, a trusted partners site?
I imagine some of those (subdomain) sites are hosted outside that company's boundries by third parties and such. Do you trust them enough to be 100% sure their site will not be hijacked?
Is it the performance impact / time before email arrives that worries you? Remember, just trying to understand.
To my understanding you can use Exchange Transport Rules to granularly excempt hosts and such for rewriting URLs.
-
Drew Love commented
Wildcard support definitely needs to happen. We receive web form submissions from a Drupal site that desperately need wildcard support.
-
Ryan Pizzi commented
Agreed that this feature would alleviate a number of headaches.
-
Robin Frousheger commented
Yep, we trialed ATP and almost immediately bought a competing product. This was a *very* big factor in the decision. We currently have 150+ whitelisted URLs, including many wildcard domains/etc and have to add more each day. (e.g. "one click" action URLs, trusted partner/subsidiary, and so on).
-
Brian Jensen commented
Agreed, this is just dumb. Microsoft put out this feature, but then basically just abandoned all development around it. Safe Links and Safe Attachments has some much needed features added in.
-
me commented
competitors have this feature.. come on 365 build this feature
-
Mitchel Weinberger commented
I'm adding my name to this request.
-
Douglas Plumley commented
I second this, not being able to wild card your root domain is super frustrating.