DoNotRewriteUrls in Outlook 1911+Vastattu
Is anyone else having an issue with Microsoft ATP Safelinks and Phishing Campaigns?
From OWA and Outlook for IOS, it works perfectly.
But Outlook for Windows ALWAYS gets blocked by ATP Safelinks.
Feedback from Microsoft:
There is a new Outlook feature that has been released (released in Outlook build 1911) that will call the Safe Links API on all unwrapped links and provide the same time-of-click protection to those unwrapped links. And that is what is happening here. Unfortunately the "DoNotRewriteUrls" setting does not apply to the new Outlook feature.
Especially for KnowBe4 link
Thank you for your contribution to the community board! We do have documentation on how to bypass Microsoft ATP you can find that documentation here.
How to Bypass Safe Link/Attachment Processing of Advanced Threat Protection (ATP)
If you've already done these whitelisting steps and Outlook for Windows is not honoring the whitelisting due to the 1911 Outlook release let us know. I'd like to get you a ticket opened and assigned to our Advanced Support Team to get more information so that we can get the phishing platform working properly for you!
Edit: Scott I see that you actually have a ticket already. I'll go ahead and see if I can get it over to an advanced support rep for you this morning!Kommenttitoiminnot
Thanks Laura, we have had to delay our deployment until this is resolved. So far it has been over a month and a lot of troubleshooting, but unfortunately no result. I have found 1 configuration that seems to work and have informed KnowBe4 and MS:
nam05.safelinks.protection.outlook.com.... as the Phish Link Domain (see attached).
We have open calls with KnowBe4 and MS, but is a very frustrated issue preventing us from using the product.
Hi Scott and Laura!
We appreciate your contributions to the community board. Scott, I know that you have a ticket with us and Microsoft and Laura I would be glad to open a ticket with our Advanced support team with the issue so we can take a closer look at your environment. I also encourage you to open a ticket with Microsoft as well to help us to get to the bottom of this one!
I can assure you that we're working on the issue internally to make sure that you can use the product as intended!
Let me know if I can assist or if you have any additional information to provide the community board on the item it helps drastically!
Have you learned anymore about the situation? We have been told by Microsoft that it is working as designed. We keep escalating. KB4 tells us they are getting a similar message from Microsoft and continue to push back. We were able to squeeze a week long test in before we roll out ATP but after that, I don't know what we will do.
We were about to start deploying Safe Links, but we're going to put this on hold because of what I'm reading here. The sad reality is that, because Microsoft has begun rolling out their own Attack Simulator, my guess is that they are going to become increasingly hostile towards companies like KnowBe4 in order to favor their own products. This is not unlike the problems we've had while testing Automated Investigation and Response ("AIR") in Office 365: even though KnowBe4 emails are whitelisted in every way we can think to whitelist them, AIR still picks them up and starts "phishing" investigations based on them and provides no way to whitelist domains or IP addresses.
Microsoft knows KnowBe4's root domains and IP addresses are safe and chooses to continue to classify them as malicious in order to push their own products. This anti-competitive behavior is disappointing, inappropriate, and makes me worry about KnowBe4's continued ability to work with Office 365 in the future. Thankfully KnowBe4 has a far superior product, which will hopefully help it weather this storm.
I'm glad that you were able to investigate the situation and come to a good conclusion on this one. We have been working to find a way to bypass ATP and AIR ZAP with some successes.
We're continuing to work on this item to make sure that we can bypass this Microsoft feature going forward reliably. If you would like, I'd be glad to open you a ticket and we'd be glad to employ the troubleshooting steps that we have to see if we can make this work for you!
Good Day! At this time, Microsoft has updated to Advanced Delivery Policies for the Whitelisting of Phishing Emails. As you are still seeing issues, I went ahead and opened a support ticket with our team so we can see what your current whitelisting configuration is, and to help provide our recommendations for whitelisting in your specific environment. Our team will be happy to help!
Kirjaudu sisään jättääksesi kommentin.