In this article I will go through my findings and analysis on the Safe Links feature of Microsoft’s Office 365 Exchange Online Advanced Threat Protection.
If you find yourself using the Office 365 (Exchange Online) e-mail quarantine often then you probably know how frustrating and slow it can be to quickly find and release quarantined items. Often times you’ll find yourself waiting for a few minutes only to realise it’s not doing anything. Then you have to refresh the page and re-enter your search criteria. The fact you can’t even wildcard searches is also unforgivable (it’s 2016 Microsoft, why can we not wildcard search the subject and sender fields?!)
This annoyance coupled with my eagerness to play with PowerShell led me to develop a quick and dirty quarantine tool or viewer if you like. The tool is quite basic but it will let you do the following:
- Wildcard search the subject and sender fields
- Configure the number of results to return
- Release a message based on message ID
If you want to have a play with the tool, it’s on my GitHub along with the source code if you feel like suggesting some improvements.