One of the major attack vector used by threat actors are sending emails with malicious URLs. These emails without any malicious attachments usually has luring text which encourages users to click on a link to take any action and then take them to a Phishing URL or a webpage with malicious content.
For E.g. the email below, which looks like it has come from Microsoft to users and asking users to click on a URL which would lead to
Office 365 Advanced Threat Protection enables Safe Link policy which protects users at the time of click by verifying the URL against threat intelligence for any phishing page or malicious content.
Please watch this video on how to configure Office 365 Safe Links with recommended configurations.
if you want to see a quick demo on how Office 365 Safe works, checkout the following video.