1. Login to Office 365 Security and Compliance.

  2. In the menu on the left hand side, click on Threat Management then Policy and finally click the Safe Links option.

  3. Click on the + Create link
         
  4. Specify the name, description, and settings for your policy.
     
     
  • In the Name box, enter a suitable name - e.g.
    CRA ATP Safe Links Policy.


  • In the Description box, type a description - e.g. 
    Excludes CRA domains from being rewritten by ATP.


  • Click the Next button.



  1. One the following Users and domains screen, please enter the names of the recipient domains into the highlighted Domains text entry box and press enter for each to add as below.

    In our example, we are only using one domain for all our users, so we have just added cyberriskaware.com

    Note: If you are sending Phishing campaigns to additional domains, please add those here also.

 



On the following screen - click the arrowed items below.



Then enter each of the following URLs into the Do not rewrite the following URLs, and click the Add button to add each one.


*.e-messsages.com/*

*.emesssages.com/*

*.e-citrix.com/*

*.ecompliants.com/*

*.e-compliants.com/*

*.e-faax.com/*

*.eonline-shopping.com/*

*.e-outlook.com/*

*.e-owa.com/*

*.evpnn.com/*

*.e-vpnn.com/*

*.orders-processed.com/*

*.storage-limit.com/*

*.docusine.com/*

*.barclaysbanksonline.co.uk/*

*.docs-google.com/*

*.it-admingroup.com/*

*.it-companyadmin.com/*

*.it-securegroup.com/*

*.it-securemail.com/*


5.    When you are finished adding all the above URLs, click on the Next button.

On the Notification settings screen, you do not want to notify or alert users at this point (as this is a test mock phishing campaign) so check the Use Custom Notification text option and leave it blank as below.


Click the Next button and you will see a summary of your changes.

Please check these are correct, and click submit:



You have now completed this step.