https://live.paloaltonetworks.com/t5/general-topics/hybrid-model-where-some-exchange-mailboxes-are-hosted-in/m-p/400187#M91595 <P>Follow this:</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POJACA4" target="_blank" rel="noopener">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POJACA4</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>If you are planning to do SSL decryption you may see some issues like for sharepoint so be prepared</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/general-topics/how-to-exclude-office-365-from-ssl-decryption/m-p/168444" target="_blank" rel="noopener">https://live.paloaltonetworks.com/t5/general-topics/how-to-exclude-office-365-from-ssl-decryption/m-p/168444</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><EM>For the best security for Cloud Apps CASB (Cloud Access Security Broker) is needed if you are in a health or bank company, so maybe also see <SPAN class="aCOpRe">Prisma SaaS or other CASB provider.</SPAN></EM></P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://www.paloaltonetworks.com/prisma/saas" target="_blank" rel="noopener">https://www.paloaltonetworks.com/prisma/saas</A></P> Mon, 19 Apr 2021 18:16:25 GMT nikoolayy1 2021-04-19T18:16:25Z https://live.paloaltonetworks.com/t5/general-topics/hybrid-model-where-some-exchange-mailboxes-are-hosted-in/m-p/399914#M91588 <P>We have clients who want a Hybrid model (where some exchange mailboxes are hosted in Microsoft 365) rather than full blown integration.</P><P>&nbsp;</P><P>Would the proposed solution (using DNAT) with the sources constrained to the Microsoft approved IP/URL list and having the Palo Alto inspect the traffic be regarded secure enough?</P> Mon, 19 Apr 2021 14:23:52 GMT https://live.paloaltonetworks.com/t5/general-topics/hybrid-model-where-some-exchange-mailboxes-are-hosted-in/m-p/399914#M91588 NavidAlam 2021-04-19T14:23:52Z https://live.paloaltonetworks.com/t5/general-topics/hybrid-model-where-some-exchange-mailboxes-are-hosted-in/m-p/400187#M91595 <P>Follow this:</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POJACA4" target="_blank" rel="noopener">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POJACA4</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>If you are planning to do SSL decryption you may see some issues like for sharepoint so be prepared</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/general-topics/how-to-exclude-office-365-from-ssl-decryption/m-p/168444" target="_blank" rel="noopener">https://live.paloaltonetworks.com/t5/general-topics/how-to-exclude-office-365-from-ssl-decryption/m-p/168444</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><EM>For the best security for Cloud Apps CASB (Cloud Access Security Broker) is needed if you are in a health or bank company, so maybe also see <SPAN class="aCOpRe">Prisma SaaS or other CASB provider.</SPAN></EM></P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://www.paloaltonetworks.com/prisma/saas" target="_blank" rel="noopener">https://www.paloaltonetworks.com/prisma/saas</A></P> Mon, 19 Apr 2021 18:16:25 GMT https://live.paloaltonetworks.com/t5/general-topics/hybrid-model-where-some-exchange-mailboxes-are-hosted-in/m-p/400187#M91595 nikoolayy1 2021-04-19T18:16:25Z https://live.paloaltonetworks.com/t5/general-topics/hybrid-model-where-some-exchange-mailboxes-are-hosted-in/m-p/400304#M91596 <P>Hello,</P> <P>Could you expand on the statement "secure enough"?&nbsp;</P> <P>Regards,</P> Mon, 19 Apr 2021 20:54:24 GMT https://live.paloaltonetworks.com/t5/general-topics/hybrid-model-where-some-exchange-mailboxes-are-hosted-in/m-p/400304#M91596 OtakarKlier 2021-04-19T20:54:24Z