Office 365 – Email Advanced Threat Protection (ATP)

KPU Information Security has enabled Email Advanced Threat Protection (ATP) for all accounts that use the Exchange online email service. ATP offers greatly improved spam and malicious software protection for your email account by scanning and testing all attachments for unsafe behavior and malicious code. In addition, ATP checks each message for links that might take you to a phishing or otherwise counterfeited web portal. All incoming messages will undergo both types of scan.

Safe Links

When a message contains a clickable image or text, the original address of the link will be replaced with a "safe link." Safe links apply to ALL email sent to a KPU mailbox, external or internal.

Safe links contain the text "" near the beginning of the URL when viewed from the desktop outlook client:

Safelinks Outlook Client Example URL

In the web client, it will clearly display the original link:

SafeLinks Outlook for Web Example

In the event that you click on a link, the safe link process will check the validity of the site you are visiting and may present you with a warning screen (as pictured below) in the event that the site will cause harm.

SafeLinks Malicious Link WarningSafeLinks Phishing Link WarningSafeLinks Suspicious Link Warning

In the event a link is still being scanned, you may encounter the following message:

SafeLinks Scanning Warning

In this case, it is recommended to wait a few minutes for the process to complete before trying the link again.

If a link is deemed to be safe, you will be automatically redirected to the destination without no intervention, so it is important to read and understand the warnings when they are presented.

Safe Attachments

When a message contains one or more attachments, the message will be scanned for cyber threats prior to arrival in the recipient's inbox. If the attachment(s) are deemed safe, it will be delivered as usual. When a cyber-threat is identified the original attachment will be removed and replaced with a text file describing the reason for removal.​

Safe Attachments for SharePoint Online, OneDrive, and Microsoft Teams​

People regularly share files and collaborate using SharePoint Online, OneDrive, and Microsoft Teams.

With Office 365 Advanced Threat Protection (ATP), KPU can collaborate in a safer manner. ATP helps detect and block files that are identified as malicious in team sites and document libraries.

How It Works

When a file in OneDrive, Teams, or SharePoint Online (the back end file storage with Teams), has been identified as malicious, ATP directly integrates with the file stores to lock that file.

The following image shows an example of a malicious file detected in a library, (indicated by a red crossed out shield).

ATP Blocked File Example

Although the blocked file is still listed in the document library in the web, mobile, or desktop applications, the blocked file cannot be opened, copied, moved, or shared. People can, however, delete a blocked file.

Quarantine in ATP for SharePoint Online, OneDrive, and Microsoft Teams

When a file in SharePoint Online, OneDrive, or Teams is identified as malicious, in addition to ATP blocking the file from being opened or shared, that file is included in a list of quarantined items. If you wish to open the list of quarantined items, you can sign in with your KPU account at the O365 Email and Files Quarantine List. sign in, and then filter the list for Files

If you think a file was incorrectly quarantined please reach out to the Information Security Office at, they will be able to further analyze the file in question and perform additional actions.