https://live.paloaltonetworks.com/t5/general-topics/outlook-and-mapi-over-http/m-p/1244765#M125769 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/220841">@JayGolf</a>&nbsp;</P> <P>Previously, Outlook traffic was under <STRONG>SSL</STRONG> and <STRONG>WebBrowsing</STRONG> rules, and now under <STRONG>mapi-over-http</STRONG>, which was previously not in the logs. Nothing was changed in the PA rules.</P> Wed, 31 Dec 2025 10:16:54 GMT mariusz.rendaszka 2025-12-31T10:16:54Z https://live.paloaltonetworks.com/t5/general-topics/outlook-and-mapi-over-http/m-p/1244725#M125761 <P>Hello team,</P> <P>Today, I had problems connecting Outlook 2019 to Exchange Online. After analyzing: it turned out that my PA suddenly started dropping the Mapi-over-http application, which it didn't need previously. What could be causing this behavior?</P> <P>&nbsp;</P> Mon, 29 Dec 2025 12:03:36 GMT https://live.paloaltonetworks.com/t5/general-topics/outlook-and-mapi-over-http/m-p/1244725#M125761 mariusz.rendaszka 2025-12-29T12:03:36Z https://live.paloaltonetworks.com/t5/general-topics/outlook-and-mapi-over-http/m-p/1244762#M125767 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1364108851">@mariusz.rendaszka</a>&nbsp;,</P> <P>&nbsp;</P> <P>When something that's been working suddenly starts getting dropped/blocked, Id recommend looking at the traffic logs. What does the actual session-end reason show? Also, which security policy was it previously hitting? &amp; what is it doing now? (is it not hitting a policy and hitting your deny rule?) Reviewing these will help us determine the root cause and help narrow down whether this is a policy matching/ security profile enforcement/App-ID behavior change issue.&nbsp;</P> Wed, 31 Dec 2025 01:19:34 GMT https://live.paloaltonetworks.com/t5/general-topics/outlook-and-mapi-over-http/m-p/1244762#M125767 JayGolf 2025-12-31T01:19:34Z https://live.paloaltonetworks.com/t5/general-topics/outlook-and-mapi-over-http/m-p/1244765#M125769 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/220841">@JayGolf</a>&nbsp;</P> <P>Previously, Outlook traffic was under <STRONG>SSL</STRONG> and <STRONG>WebBrowsing</STRONG> rules, and now under <STRONG>mapi-over-http</STRONG>, which was previously not in the logs. Nothing was changed in the PA rules.</P> Wed, 31 Dec 2025 10:16:54 GMT https://live.paloaltonetworks.com/t5/general-topics/outlook-and-mapi-over-http/m-p/1244765#M125769 mariusz.rendaszka 2025-12-31T10:16:54Z https://live.paloaltonetworks.com/t5/general-topics/outlook-and-mapi-over-http/m-p/1244769#M125771 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/787988175">@mar</a>&nbsp;</P> <P>&nbsp;</P> <P data-start="217" data-end="478">Gotcha, that makes sense. App-ID can dynamically reclassify traffic as it gains more context, and in this case it’s being identified as mapi-over-http. App-ID behavior can also change as part of regular content updates, even when no policy changes are made.</P> <P data-start="217" data-end="478">&nbsp;</P> <P data-start="480" data-end="829">At this point, you've reviewed the traffic logs to confirm how the session is now being identified. You can either add the mapi-over-http app to the appropriate outbound security policy or create a small, explicit rule for this traffic (or related Windows traffic) so it’s handled intentionally.</P> Wed, 31 Dec 2025 19:36:30 GMT https://live.paloaltonetworks.com/t5/general-topics/outlook-and-mapi-over-http/m-p/1244769#M125771 JayGolf 2025-12-31T19:36:30Z https://live.paloaltonetworks.com/t5/general-topics/outlook-and-mapi-over-http/m-p/1244788#M125775 <P>That's what I did. Thank you for your help, Jay.</P> Fri, 02 Jan 2026 18:35:30 GMT https://live.paloaltonetworks.com/t5/general-topics/outlook-and-mapi-over-http/m-p/1244788#M125775 mariusz.rendaszka 2026-01-02T18:35:30Z