Articles on: 👍 Initial Setup

How to bypass Microsoft Office 365 Advanced Threat Protection (ATP) Safe Link/Attachment Processing?

If you use the Advanced Threat Protection (ATP) feature and have noticed unlikely clicks on your phishing simulations, it's likely that the ATP analysis system has generated false events. Therefore, it's necessary to configure your email environment to bypass this protection during your phishing simulations with Arsen.


This procedure complements the procedures for authorizing Arsen phishing simulations.


As with these, there are two ways to identify and authorize our simulations: by IP or by header.


[Choose to authorize by IP](#2-Bypass Safe Link by allowing IP address) if you don't have anti-phishing protection upstream of your mail server.

[Choose to authorize by header](#2-Bypass Safe Link by allowing the header) if you have anti-phishing protection, as it may replace the IP address seen by your mail server and exclusion rules won't apply if you use IP authorization.



  1. Create a new Mail Flow rule. The Set rule conditions menu is open.


New rule


  1. Name it : Arsen Safe Link bypass


  1. Click on More options...


  1. Select The senders in Apply this rule if..., then select IP address is in any of these ranges or exactly matches.


conditions


  1. In the new window, enter our IP address : 161.38.204.14, then press Add and Save


IP address


  1. In Do the following..., select Modify the message properties..., then set a message header
  • Click on the first link Enter text..* and enter: X-MS-Exchange-Organization-SkipSafeLinksProcessing
  • Click on the second link. Enter text... and enter : 1


Modify the message properties


  1. Click Next




  1. Create a new Mail Flow rule


New rule


  1. Name it : Arsen Safe Link bypass


  1. Select A message header... in Apply this rule if..., then select includes any of these words


  1. Click on the first Enter text... and in the specify header name window, enter the header available in your account. For more information on setting up this header, refer to this article: how to customize the header of phishing simulation emails?


  1. Click on the second Enter text... and enter true


  1. In Do the following..., select Modify the message properties..., then set a message header


  • Click on the first link Enter text... and enter : X-MS-Exchange-Organization-SkipSafeLinksProcessing
  • Click on the second link. Enter text... and enter : 1


  1. Click Next



Bypass Safe Link by allowing the header

Updated on: 07/11/2023

Was this article helpful?

Share your feedback

Cancel

Thank you!