Frequently Asked Questions about Advance Threat Protection

What is Dartmouth doing?

Dartmouth is enabling Microsoft's Advanced Threat Protection (ATP) to provide an additional level of protection against online threats. ATP provides two services that will strengthen email protections for Dartmouth: Safe Attachments and Safe Links.

What is Safe Attachments?

This security measure checks email message attachments for malware (malicious software) and removes any attachments found to contain malware. The body of the message is delivered to the recipient along with a notification that an unsafe attachment was removed. Depending on the file type of the attachment, there may be a delay in email delivery while the attachment is analyzed. According to Microsoft, the average delay is 4 minutes but could be up to 30 minutes. 

Safe Attachments will analyze all attachments sent to Dartmouth by external senders. It will not analyze the attachments in any emails exchanged between Dartmouth.edu accounts. 

What is Safe Links?

This security measure proactively protects members of the Dartmouth community from malicious links in an email. The Safe Links service analyzes every link and determines whether it points to a known malicious website. When a link is clicked for which this is the case, a warning is presented rather than the website. For links which are deemed safe, no such warning is displayed.

The Safe Links service rewrites the URLs displayed in the body of the email, following this pattern: https://...safelinks.protection.outlook.com.../ For example, if www.testsite.com appears in the email message, Safe Links will display it as something like https://na01.safelinks.protection.outlook.com/?url=http:/link.scsend.com/tavc%3Freceipient_id%3.....

Additionally, some applications or browsers may continue to display the old format, but the display that shows where the link is actually going, will display the Safe Links wrapper. 

Safe Links will analyze all links sent to Dartmouth by external senders. It will not analyze the links in any emails exchanged between Dartmouth.edu accounts.  

Why are we doing this? 

To put safeguards in place to better protect the Dartmouth community from malicious email attacks, such as the recent WannaCry or Petya ransomware attacks which spread globally. These protections will reduce the likelihood that members of the Dartmouth community will become victims of similar exploits in the future.

How will Advanced Threat Protection affect me? 

There will be no impact on email exchanges with other Dartmouth accounts within Dartmouth's Office 365 environment ("@dartmouth.edu" accounts).

For attachments sent by senders external to Dartmouth's Office 365 environment, there will be no impact, other than a slight delivery delay, as long as the email and attachment are not infected with known malware.

Links in emails sent from external addresses (accounts other than "@dartmouth.edu" accounts) will be analyzed and rewritten by the Safe Links service. This means that the links will look different, and a safety warning will be displayed if a link is clicked which points to a known malicious web site. Links deemed to point to "safe" sites will not display any warning, but go directly to the link destination.

Will this affect my email regardless of what I use to read it?

Yes, these protections will be in place no matter which browser or email program is used. 

Can I opt out? 

No - all Dartmouth Office 365 email will be protected.

Will we be able to "allow" individual domains and senders so that they are exempt from this processing?

To ensure maximum protection there will be very few exceptions to Safe Attachments and Safe Links processing. If significant operational interruptions occur from repeated false positives, a determination will be made on how best to resolve the issue.

What about privacy? Will Microsoft now track who, when and what links Dartmouth users click on? What will they do with this information?

In a word, no. According to Microsoft's Office 365 privacy statement, Microsoft will use Dartmouth data only to provide the services we receive via the Office 365 platform. This may include troubleshooting aimed at preventing, detecting and repairing problems affecting the operation of the services and the improvement of features such as the detection of, and protection against, emerging and evolving threats to members of the Dartmouth community (such as malware, ransomware or spam).

For more information see:

For additional questions, see IT Help Sources.