Follow the below steps to prevent Office 365 Advanced Threat Protection (ATP) from rewriting phish domains.
- Get a list of our phish domains by contacting support.
- Go to your Office 365 Admin Center (click on Admin > Exchange).
- Click on advanced threats.
- Click on safe links.
- Double-click on the link policy name. Select settings.
- Finally, add the domains to the list below Do not rewrite the following URLs: Add an asterisk (*) followed by a period (.) at the beginning of each phish domain, if it is not already there. Example: *.intranet-fi.com