https://community.checkpoint.com/t5/General-Topics/How-to-deal-with-Microsoft-s-Office-365-ATP-Outlook-issues/m-p/62592#M12681 <P>Did you ever get this to work?&nbsp; I'm in the same situation.&nbsp; Need to block public hotmail/outlook.com, but need to enable the Office365 services such as SafeLinks ATP (<A href="https://xxxxx.safelinks.protection.outlook.com).&nbsp;" target="_blank">https://xxxxx.safelinks.protection.outlook.com).&nbsp;</A> Thus far I haven't been able to get any override to work successfully (also no SSL inspection).&nbsp; For my tests I've created rules like:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CPRule.PNG" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2509iB0419052F7E79365/image-size/large?v=v2&amp;px=999" role="button" title="CPRule.PNG" alt="CPRule.PNG" /></span></P><P>This is how the custom application is configured</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ATPCustomApp.PNG" style="width: 624px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2510iB6D0967DF3252D96/image-size/large?v=v2&amp;px=999" role="button" title="ATPCustomApp.PNG" alt="ATPCustomApp.PNG" /></span></P><P>And I've tossed in an override categorization like below just for good measure.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="OverrideCat.PNG" style="width: 525px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2511i5E43993D4E26C3E3/image-size/large?v=v2&amp;px=999" role="button" title="OverrideCat.PNG" alt="OverrideCat.PNG" /></span></P><P>However all attempts to access anything like xxx.safelinks.protection.outlook.com/xxxxxxxxxx does not get recognized by the first rule and is blocked by the second "Tony test hotmail block" rule.&nbsp; Any other thoughts about how to best address this issue?</P><P>&nbsp;</P> Thu, 12 Sep 2019 12:07:51 GMT ccarpediem 2019-09-12T12:07:51Z https://community.checkpoint.com/t5/General-Topics/How-to-deal-with-Microsoft-s-Office-365-ATP-Outlook-issues/m-p/52471#M10390 <P>Microsoft, in their infinite wisdom, decided to prefix all links in Outlook 365 for Enterprise with ATP with:</P> <P><STRONG><A href="https://nam04.safelinks.protection.outlook.com" target="_blank">https://nam04.safelinks.protection.outlook.com</A>&nbsp;and pass the actual URLs as parameters for inspection.</STRONG></P> <P><STRONG>Since client has a "No Wbmail" rule in their APPC/URLF, preceded&nbsp;by "Office 365 Enterprise" permit, this causing all the links with "outlook.com" to flop.</STRONG></P> <P>&nbsp;</P> <P><STRONG>What is the best way of permitting these links to remain functional?</STRONG></P> <P><STRONG>Create the&nbsp;</STRONG></P> <P><STRONG>.safelinks.protection.outlook.com app and add it to the categorization exemptions?</STRONG></P> <P>&nbsp;</P> <P><STRONG>P.S. there is no HTTPS inspection in this environment, just categorization with the widgets.</STRONG></P> Fri, 03 May 2019 01:40:08 GMT https://community.checkpoint.com/t5/General-Topics/How-to-deal-with-Microsoft-s-Office-365-ATP-Outlook-issues/m-p/52471#M10390 Vladimir 2019-05-03T01:40:08Z https://community.checkpoint.com/t5/General-Topics/How-to-deal-with-Microsoft-s-Office-365-ATP-Outlook-issues/m-p/52549#M10405 That's what I'd do. Fri, 03 May 2019 20:48:03 GMT https://community.checkpoint.com/t5/General-Topics/How-to-deal-with-Microsoft-s-Office-365-ATP-Outlook-issues/m-p/52549#M10405 PhoneBoy 2019-05-03T20:48:03Z https://community.checkpoint.com/t5/General-Topics/How-to-deal-with-Microsoft-s-Office-365-ATP-Outlook-issues/m-p/62592#M12681 <P>Did you ever get this to work?&nbsp; I'm in the same situation.&nbsp; Need to block public hotmail/outlook.com, but need to enable the Office365 services such as SafeLinks ATP (<A href="https://xxxxx.safelinks.protection.outlook.com).&nbsp;" target="_blank">https://xxxxx.safelinks.protection.outlook.com).&nbsp;</A> Thus far I haven't been able to get any override to work successfully (also no SSL inspection).&nbsp; For my tests I've created rules like:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CPRule.PNG" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2509iB0419052F7E79365/image-size/large?v=v2&amp;px=999" role="button" title="CPRule.PNG" alt="CPRule.PNG" /></span></P><P>This is how the custom application is configured</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ATPCustomApp.PNG" style="width: 624px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2510iB6D0967DF3252D96/image-size/large?v=v2&amp;px=999" role="button" title="ATPCustomApp.PNG" alt="ATPCustomApp.PNG" /></span></P><P>And I've tossed in an override categorization like below just for good measure.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="OverrideCat.PNG" style="width: 525px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2511i5E43993D4E26C3E3/image-size/large?v=v2&amp;px=999" role="button" title="OverrideCat.PNG" alt="OverrideCat.PNG" /></span></P><P>However all attempts to access anything like xxx.safelinks.protection.outlook.com/xxxxxxxxxx does not get recognized by the first rule and is blocked by the second "Tony test hotmail block" rule.&nbsp; Any other thoughts about how to best address this issue?</P><P>&nbsp;</P> Thu, 12 Sep 2019 12:07:51 GMT https://community.checkpoint.com/t5/General-Topics/How-to-deal-with-Microsoft-s-Office-365-ATP-Outlook-issues/m-p/62592#M12681 ccarpediem 2019-09-12T12:07:51Z