Bypassing Link Analysis by Microsoft 365 Defenses

From the creation of Exchange Online, the first security system in use was EOP (Exchange Online Protection), which was limited to link analysis.

In 2018, Microsoft introduced a more advanced solution called ATP (Advanced Threat Protection).

This solution provides in-depth link analysis and even opens links in virtual environments to detect any suspicious authentication requests.

Over the years, ATP evolved into Microsoft Defender, and its analysis methods were updated as well.

It is possible to declare URLs as legitimate so that Microsoft Defender does not rewrite or analyze them.

You can perform this action from the Microsoft Defender portal using the following link:
https://security.microsoft.com/safelinksv2

From there, you can specify links that should not be rewritten by Microsoft Defender, including:

  • security-mail.net/*
  • humail.link

Please note, however, that this action can only be applied to a user, group, or domain within your own tenant, and not to other tenants or globally across Office 365 servers.
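
The same exception can also be set and reviewed from Exchange Online PowerShell. This is an added example, not part of the original page: the policy name and `contoso.com` are placeholders, and it assumes the ExchangeOnlineManagement module and an administrator session.

```powershell
# Added example. Requires the ExchangeOnlineManagement module.
Connect-ExchangeOnline

# Entries taken from the list above.
$doNotRewrite = @('security-mail.net/*', 'humail.link')

# Placeholder values (assumptions): replace with names from your own tenant.
$policyName  = 'SafeLinks-NoRewrite-Example'
$scopeDomain = 'contoso.com'

# The policy carries the "do not rewrite" list.
New-SafeLinksPolicy -Name $policyName `
    -EnableSafeLinksForEmail $true `
    -DoNotRewriteUrls $doNotRewrite

# The rule decides who receives the policy. A domain is used here;
# -SentTo (users) and -SentToMemberOf (groups) are the other scopes.
# Every value must belong to your own tenant.
New-SafeLinksRule -Name $policyName `
    -SafeLinksPolicy $policyName `
    -RecipientDomainIs $scopeDomain

# Review: list every "do not rewrite" entry in the tenant together with
# the recipients it applies to, so exceptions stay few and narrowly scoped.
$rules = Get-SafeLinksRule
Get-SafeLinksPolicy | Where-Object { $_.DoNotRewriteUrls } | ForEach-Object {
    $policy = $_
    # Assumes the rule's SafeLinksPolicy property holds the policy name.
    $rule = $rules | Where-Object { $_.SafeLinksPolicy -eq $policy.Name }
    foreach ($url in $policy.DoNotRewriteUrls) {
        [pscustomobject]@{
            Policy  = $policy.Name
            Url     = $url
            Users   = $rule.SentTo -join ', '
            Groups  = $rule.SentToMemberOf -join ', '
            Domains = $rule.RecipientDomainIs -join ', '
            State   = $rule.State
        }
    }
} | Format-Table -AutoSize
```

Entries whose Users, Groups and Domains columns are all empty belong to a policy with no rule attached and are worth checking first.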
