Sometimes the Microsoft 365 Advanced Threat Protection (ATP) Safe Links service may mistakenly identify a Cloud Assess URL as malicious. This can happen when there is a “false-positive” result from Microsoft’s ATP algorithm.
While we are working with Microsoft to resolve the issue, to visit Cloud Assess URLs that are automatically blocked by the ATP Safe Links in Office 365 in the meantime, you can set up a custom "do not rewrite" list for specific groups in your organisation.
How to set up a custom do-not-rewrite URLs list using Office 365 Advanced Threat Protection (ATP) Safe Links
ATP Safe Links protection uses "do not rewrite" lists for exceptions. If you are assigned a role with administrative privileges, you can whitelist Cloud Assess by setting up your custom "do not rewrite" lists.
You can set a "do not rewrite" list when you add or edit Safe Links policies that apply to specific recipients in your organisation.
To view or edit a custom "do not rewrite" URLs list
Go to https://security.microsoft.com and sign in with the Microsoft account with admin rights.
In the left navigation, under Policies & rules > Threat policies > Safe Links.
In the section, you may choose Create or select an existing policy
On protection settings or Edit protection settings in existing policies
In the Do not rewrite the following URLs section and Manage URLs, select Add URLs, and enter the following URL
When you are finished adding URLs, in the lower right corner of the screen, choose Save/Submit.
Important notes:
To allow the recipients in your organisation to access Cloud Assess and all the subdomains and paths, we recommend adding a wildcard asterisks (*) to the end of the URL you specify in the “do not rewrite” list.
To learn more about Office 365 ATP Safe Links policies, here are some Help articles by Microsoft that you may find useful: