https://live.paloaltonetworks.com/t5/general-topics/application-recognition-quot-ms-teams-audio-video-quot/m-p/515818#M107140 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43480">@BPry</a>&nbsp;<BR />I'm not sure if it's related to certificate pinning.&nbsp;We tested this earlier in May 2022 on a few machines (proof-of-concept) and then the tests were successful.<BR /><BR />If it is related to certificate pinning what is the key function of the application <STRONG>ms-teams-audio-video</STRONG>?</P> Mon, 26 Sep 2022 08:10:42 GMT PatrickPater 2022-09-26T08:10:42Z https://live.paloaltonetworks.com/t5/general-topics/application-recognition-quot-ms-teams-audio-video-quot/m-p/515799#M107130 <P>Hello,</P> <P>&nbsp;</P> <P>I run into behavior that I can't explain.<BR />We make teams available on the virtual desktops (web-based &amp; desktop app)<BR />We only want to block the use of audio and video within the functionality of both teams options. <BR />Users are not allowed to use this (due to performance reasons)</P> <P>&nbsp;</P> <P>In our situation we have configured ssl/tls decryption.<BR />One policy has been defined that blocks the <STRONG>ms-teams-audio-video</STRONG>&nbsp;application.<BR />All other <STRONG>ms-teams*</STRONG>&nbsp;applications are allowed.</P> <P>However, this ensures that audio and video can be used in both options, the desktop app and web-based.</P> <P><BR />In the logging I see that the traffic is recognized as <STRONG>ms-teams</STRONG> and I don't see any <STRONG>ms-teams-audio-video</STRONG>.<BR />I expected that as soon as I use audio and video in teams the Palo would recognize this as <STRONG>ms-teams-audio-video</STRONG></P> <P>&nbsp;</P> <P>Am I misunderstanding things and is this normal behavior? Or does the application recognition not work properly?</P> <P>&nbsp;</P> <P>software-version 10.1.6-h3<BR />apps &amp; threats: 8261-7584</P> <P>&nbsp;</P> <P>With kind regards,<BR />Patrick Pater</P> Fri, 23 Sep 2022 10:28:51 GMT https://live.paloaltonetworks.com/t5/general-topics/application-recognition-quot-ms-teams-audio-video-quot/m-p/515799#M107130 PatrickPater 2022-09-23T10:28:51Z https://live.paloaltonetworks.com/t5/general-topics/application-recognition-quot-ms-teams-audio-video-quot/m-p/515813#M107136 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/122438">@PatrickPater</a>,</P> <P>I can verify that I can replicate this behaviour, but I'm actually wondering if its not related to default decryption exclusions that are in place for several Microsoft domains due to certificate pinning?&nbsp;</P> Fri, 23 Sep 2022 14:01:54 GMT https://live.paloaltonetworks.com/t5/general-topics/application-recognition-quot-ms-teams-audio-video-quot/m-p/515813#M107136 BPry 2022-09-23T14:01:54Z https://live.paloaltonetworks.com/t5/general-topics/application-recognition-quot-ms-teams-audio-video-quot/m-p/515818#M107140 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43480">@BPry</a>&nbsp;<BR />I'm not sure if it's related to certificate pinning.&nbsp;We tested this earlier in May 2022 on a few machines (proof-of-concept) and then the tests were successful.<BR /><BR />If it is related to certificate pinning what is the key function of the application <STRONG>ms-teams-audio-video</STRONG>?</P> Mon, 26 Sep 2022 08:10:42 GMT https://live.paloaltonetworks.com/t5/general-topics/application-recognition-quot-ms-teams-audio-video-quot/m-p/515818#M107140 PatrickPater 2022-09-26T08:10:42Z https://live.paloaltonetworks.com/t5/general-topics/application-recognition-quot-ms-teams-audio-video-quot/m-p/583611#M116645 <P>tested with ssl decrypt enabled and works great. blocks the call completely but not any of the other features. this will be good for some client terminal servers. now if i could do the same with Zoom and GoTo.</P> Fri, 12 Apr 2024 23:06:36 GMT https://live.paloaltonetworks.com/t5/general-topics/application-recognition-quot-ms-teams-audio-video-quot/m-p/583611#M116645 Daniel_Gill 2024-04-12T23:06:36Z