Advanced Threat Protection (ATP) - Implement in Safe Link a blacklist
Please implement in ATP Safe Link a black list for single tenant where insert the bad urls that ATP not intercepts or the bad url that are malicious for the company
We resolved this in 2017. Additionally, today, you can now check and report links to us in Submissions Explorer (Security & Compliance → Threat Management → Submissions)
Al Douglas commented
This is very important. We have very short times to respond to threats, and being able to add a URL to the blocked list of URLs for our tenant is critical.
Please provide an update. The ability to blacklisting confirmed phishing URLs would be a boon during incident response.
Let's be frank, ATP's URL scanning/reputation database is never going to be 100%. Please let tenants contribute to the list, and more importantly, let tenants manually add blocks to their own ATP Safe Links blacklist.
Bjørn Tore Garderhagen commented
Any news ?
a group of our users recieved a link to a simple site asking for Office365. The entered password was used to send the same email to new users.
We have now had three rounds of this same email. I would love to add the URL to a blacklist and make ATP intercept users clicking on it. We have blocked the URL in DNS and FW. But still someone clicks the URL on their phone or similar.
Hope this will come soon
This would be very useful. Especially with end user mobile devices not being protected by our proxy server. One user received an email today that appeared to be officially from Microsoft, but actually redirected them to a third party to enter and presumably steal their credentials.
Four months ago, I have opened a case about this feature and Microsoft Support tell me that this feature was not implemented.
I hope it Willemstad be soon
Good feature :-)
This is important for me too