All Collections
Getting started with usecure
Ensuring email delivery on Microsoft 365
Prevent Microsoft 365 from displaying a warning on phishing email links
Prevent Microsoft 365 from displaying a warning on phishing email links

Find out how to set up Microsoft 365 Advanced Threat Protection (ATP) Safe Links Bypass Rules.

Courtney Leacock avatar
Written by Courtney Leacock
Updated over a week ago

Microsoft 365 uses the Safe Links feature to automatically check links in emails and display warnings to users on links that can't be verified as genuine.

To avoid having M365 display warnings on your simulated phishing links, you can set up a Bypass rule in your Exchange ATP settings.

How to set up Microsoft 365 Advanced Threat Protection (ATP) Bypass Rules

Note: You will need to first add a header to your usecure emails through the platform settings. If you have not already done so, follow these instructions to add a header.

2. Go to Mail Flow -> Rules

3. Click the plus symbol ('+') and select Bypass Spam Filtering

4. Enter a name for the rule in the new rule window

5. Add a message header condition by clicking on the Apply this rule if… dropdown and selecting A message header -> includes any of these words

6. You can now complete the message header condition

7. Click Enter text... and enter the header name you set in the system. Click OK.

8. Click Enter words..., and enter the header value you set in the system.

Enter the header value into the field and click the plus symbol ('+') to add it to the list.

9. Click OK to update the condition

10. Under Do the following... select Modify the message properties... > Set a message header

11. Click the first Enter text... link and enter the below in the “message header” field.

X-MS-Exchange-Organization-SkipSafeLinksProcessing

Then click OK.

12. Click the second Enter text... link and enter “1” in the “header value” field and then click OK.

13. Review your rule to ensure it is correct

14. Click Save to finish creating your mail flow rule.

Did this answer your question?