Scheduled maintenance on Saturday, August 8th from 7am to 10am (UTC). Licensing registrations and key activations will be unavailable during this period. More info here.

Credential Harvesting being stopped by Windows Defender SmartScreen

It's good but it's bad.

I've bypassed all domain and URL filtering successfully in Office 365/ATP. However, when a user clicks the link it's still getting caught by 

Windows Defender SmartScreen. It looks like any GPO settings are all or nothing and we certainly don't want to disable this across the entire domain.
Had anyone else ran into this issue. Credential harvesting campaigns are something we really want to start using.