[Decode an ATP safelink] Decode Microsoft Defender ATP SafeLink to plain text

DecodeSafelink.ps1

<#
.SYNOPSIS
Decode an ATP safelink
#>
Param([Parameter(Mandatory=$true)][Uri]$uri)


'Host: {0}' -f $uri.Host
# Split query into Name, Unescaped Value pairs.
if ($uri.Query) { 
    $query = @{}
    $uri.Query.Substring(1) -split '&' | ForEach-Object { 
        $key,$value = $_.Split('=')
        $query[$key] = [URI]::UnescapeDataString($value)
    } 
    'Data: {0}' -f $query['data']
    'URL:  {0}' -f $query['url']
}