Follow the below steps to prevent Office 365 Advanced Threat Protection (ATP) from rewriting phish domains.
- Get a list of our phish domains from this article.
- Go to your Office 365 Admin Center (click on Admin > Exchange).
- Click on advanced threats.
- Click on safe links.
- Double-click on the link policy name. Select settings.
- Finally, add the domains from this article to the list below Do not rewrite the following URLs:. Add an asterisk (*) at the beginning of each phish domain, if it is not already there. Example: *intranet-fi.com