Topics Map > Security > Antivirus
Topics Map > Communication & Collaboration > Email & Calendaring > Exchange
Topics Map > Communication & Collaboration > Productivity Software > Office 365

What is Safe Links and how does it help protect me?

UIC will be implementing Safe Links on November 8, 2020


Safe Links is part of Microsoft's Defender platform and helps better protect you from malicious links in emails. Safe Links checks URLs to see if they are malicious or safe before loading the web page. If the URL leads to an attachment, the attachment will be scanned for malware. If the URL is identified as insecure, the user is taken to a page displaying a warning message.


When a link in an email or Microsoft Office document is clicked, Safe Links performs a scan to determine if the link is malicious. Safe Links also scans any documents available on that link at the time of click to prevent malicious file downloads to your system. This protection works for both current desktop versions of Microsoft Office as well as Office Online.


If Safe Links determines the link is safe to view, you will proceed as expected; if the link is determined to contain malicious content, you are redirected to a warning page.


Only incoming links are rewritten. When you write an email to someone outside of UIC, the URLs in that message are not rewritten.


Additional Details


Benefits of Safe Links

  • Safe Links helps prevent inadvertent access to malware through links and attachments. The solution is seamless from a user experience perspective, and the product is unobtrusive, working efficiently in the background.
  • URLs are examined in real-time, at the time a user clicks them. If a link is unsafe, the user is not permitted to visit the site.
  • Phishing URLs in email messages do not normally contain malicious content but have malicious intent. Safe Links will allow IT administrators to block unwanted URLs to protect the UIC community from phishing URLS.
  • Reporting is available that allows IT security personnel to track successful clicks on phishing links that were not blocked so that they can scramble passwords to prevent attackers from using phished information.


What looks different?

The hyperlink in every email that you receive will be rewritten and appear differently than they are currently displayed. Here is an example of a URL rewritten with Safe Links


https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fci.office.net%2Fapi%2Femailcount%3Flid%3D1a44b413-1866-4cda-9a96-2bf58474a914%26tid%3D51d75f6a-dc1b-4263-9b42-62614f399eb8&data=02%7C01%7CNETID%40uic.edu%7C3a749337155a4e4f0df108d4a139fcd7%7Cd61ecb3b38b142d582c4efb2838b925c%7C1%7C0%7C636310717800979766&sdata=0Od9u%2FR3RMtozlIWDcX8WCDVJHg1B7CW0Y7B1niBbok%3D&reserved=0


The sections include:


  1. na01.safelinks.protection.outlook.com/ - the Microsoft Safe Links proxy server. (The first part of this name will vary)
  2. ?url=http%3A%2F%2Fci.office.net%2Fapi%2Femailcount – the destination web address, address ends just before &data= 
  3. NETID%40uic.edu – the email address of the recipient (your email address will only appear in emails within your own inbox)


If you click on one of these links and the webpage is deemed malicious, you will see a warning message that prompts you to navigate away from the site. Otherwise, you will reach the intended destination site.


NOTE: Some links (those in emails that contain formatting) may appear completely normal, with the only indication that Safe Links is working being a link similar to the above appearing at the bottom of the Outlook window when you hover over the link. The bubble that pops up when you hover over the link may look something like the following and contain the words "original URL".

Hover state of a link

NOTE: Safe links will not rewrite links for University of Illinois domains (*.uic.edu, *.uillinois.edu, *.uis.edu, *.illinois.edu)


Safe Links Process for Emails

Note that Safe Links currently only applies to UIC's Exchange email system, not to UIC Gmail.

For email sent to a recipient in Exchange:


  1. All email at UIC is processed by spam and virus checking systems to identify and remove malware and spam
  2. Email arrives in your inbox.
  3. You view your email either in your mail client (e.g. Outlook) or by signing in to Exchange Online.
  4. When you open an email message and click on a link, Safe Links checks the destination to see if it has been identified as blocked, malicious, or safe.
    1. If the link is to a website that is included in our blocked URL list, the following warning page opens.

      Warning pop-up with "We've detected an unsafe link" and details

    2. If the link goes to a downloadable file the downloadable file is checked for malware.
    3. If the link is determined to be safe, the website opens.

Note: You will not be allowed to "continue anyway"


Safe Links Process for Other Applications

Safe Links protection works for links in the following applications:

  • Current versions of Word, Excel, and PowerPoint on Windows, Mac, or in a web browser
  • Office apps on iOS or Android devices
  • Visio on Windows
  • OneNote in a browser
  • Microsoft Teams (conversations, group chats, and channels)
  1. You open one of the applications listed above and see a link.
  2. When you click on a link in the application, Safe Links checks the destination.
    1. If the link is to a website that is included in our custom blocked URLs list, or that Microsoft has determined is malicious, the following warning page opens.

      warning page

    2. If the link goes to a downloadable file, the downloadable file is checked for malware.
    3. If the link is determined to be safe, the website opens.
    4. If the link check fails, Safe Links protection will not trigger. If using the desktop version of the application, you will be warned before proceeding to the site.

Note: You will not be allowed to "continue anyway"


What if I am blocked from accessing a legitimate website?

Contact security@uic.edu to report any false positives, an allowed list is available to help manage URLs that should not be blocked.

Remember to only click links in messages sent by reliable and verified sources. If the sender’s email address looks suspicious, or the message itself doesn’t look right, don’t click the link.

See Also:




Keywords:365, Microsoft, weird, unsafe, ATP, URL, Exchange, phish, safelinks, exchange, defender, malicious, danger   Doc ID:105912
Owner:Scott R.Group:University of Illinois Chicago Technology Solutions
Created:2020-09-17 10:55 CSTUpdated:2020-10-30 08:40 CST
Sites:University of Illinois Chicago Technology Solutions
Feedback:  0   0