The researchers tested the baseStriker attack against several configurations and found that ”anyone using Office 365 in any configuration is vulnerable,” be it web-based client, mobile app or desktop application of OutLook.
https://thehackernews.com/2018/05/microsoft-safelinks-phishing.html