ATP Safe Links - Report False Positives / Possibility to overwrite MS classification
There is no feasible way to report false positives in ATP Safe Links.
If you run into this scenario, you can either send an email to SafelinksFeedback@microsoft.com and wait that it is being resolved or you open a support case at Microsoft.
Both options take a lot of time.
However, the email containing the link classified as malicious by Microsoft has already been sent out and the expectation is to make this link working as soon as possible.
Therefore, there needs to be a way to report those links which have to be re-classified (with a proper process attached) or a configuration to overwrite MS classification (last option would only help within the tenant, but not cross-tenant).
I found this out the hard way and I'm not sure if this differs based on your O365 subscription but if you go to https://protection.office.com/reportsubmission you are able to report the URLs and domains you want to unblock. You can also report specific emails and attachments. Regular Microsoft O365 support seemed totally unaware of this. It took Premier Support to resolve this quickly. Could have potentially disrupted business significantly.
I don't know if you set the "Do not rewrite the following URLs:" in your portal if it will allow previously stamped 'bad' as ok.
Frank Martinez commented
+1 Microsoft needs to make some mechanism available to customers so that URLs that are incorrectly identified by STP Safelinks as being unsafe can be corrected. Per-tenant whitelisting is inadequate (and doesn't seem to work well).