KPU Information Security has enabled Email Advanced Threat Protection (ATP) for all accounts that use the Exchange online email service. ATP offers greatly improved spam and malicious software protection for your email account by scanning and testing all attachments for unsafe behavior and malicious code. In addition, ATP checks each message for links that might take you to a phishing or otherwise counterfeited web portal. All incoming messages will undergo both types of scan.
When a message contains a clickable image or text, the original address of the link will be replaced with a "safe link." Safe links apply to ALL email sent to a KPU mailbox, external or internal.
Safe links contain the text "safelinks.protection.outlook.com" near the beginning of the URL when viewed from the desktop outlook client:
In the web client, it will clearly display the original link:
In the event that you click on a link, the safe link process will check the validity of the site you are visiting and may present you with a warning screen (as pictured below) in the event that the site will cause harm.
In the event a link is still being scanned, you may encounter the following message:
In this case, it is recommended to wait a few minutes for the process to complete before trying the link again.
If a link is deemed to be safe, you will be automatically redirected to the destination without no intervention, so it is important to read and understand the warnings when they are presented.
When a message contains one or more attachments, the message will be scanned for cyber threats prior to arrival in the recipient's inbox. If the attachment(s) are deemed safe, it will be delivered as usual. When a cyber-threat is identified the original attachment will be removed and replaced with a text file describing the reason for removal.
Safe Attachments for SharePoint Online, OneDrive, and Microsoft Teams
People regularly share files and collaborate using SharePoint Online, OneDrive, and Microsoft Teams.
With Office 365 Advanced Threat Protection (ATP), KPU can collaborate in a safer manner. ATP helps detect and block files that are identified as malicious in team sites and document libraries.
How It Works
When a file in OneDrive, Teams, or SharePoint Online (the back end file storage with Teams), has been identified as malicious, ATP directly integrates with the file stores to lock that file.
The following image shows an example of a malicious file detected in a library, (indicated by a red crossed out shield).
Although the blocked file is still listed in the document library in the web, mobile, or desktop applications, the blocked file cannot be opened, copied, moved, or shared. People can, however, delete a blocked file.
Quarantine in ATP for SharePoint Online, OneDrive, and Microsoft Teams
When a file in SharePoint Online, OneDrive, or Teams is identified as malicious, in addition to ATP blocking the file from being opened or shared, that file is included in a list of quarantined items. If you wish to open the list of quarantined items, you can sign in with your KPU account at the O365 Email and Files Quarantine List. sign in, and then filter the list for Files
If you think a file was incorrectly quarantined please reach out to the Information Security Office at firstname.lastname@example.org, they will be able to further analyze the file in question and perform additional actions.