[w3ll_w3ll_w3ll]

Microsoft Safe Link technology does not actually inspect the link until the user clicks on the link. This is to avoid that confirmation links, used by some service to confirm registratio or as 2FA, may be triggered by the security engine without user consent.

[caddy]

Our workplace outlook phishing protection does though. I was signing up to test one of our apps recently and my email was auto confirmed in 5 seconds despite me never receiving it. Turns out it was caught in the phish filter which automatically clicked the link to check it, so the above is not always true. Confirmed this with a few co-workers too.