O365 sub-applications

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

O365 sub-applications

L2 Linker

Currently, our palo alto only detects the following O365 applications

*ms-office365

*outlook-web-online

*sharepoint-online

*ms-office365-base

*ms-teams

*ms-lync-online

 

Do we need to enable SSL decryption so that it can detect other sub-applications? (ms-downloading, ms-uploading, ms-posting, etc.)

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

@theonewhoknocks ,

To expand on the correct answer of @OGMaverick; the firewall can't actually identify any of the more specific app-ids unless it can actually inspect the full traffic via decryption. Without decryption, the app-id process is really "best-effort" practice and you'll miss out on the finer controls that you would have had access to if decrypting the traffic. 

View solution in original post

3 REPLIES 3

L3 Networker

Yes

Cyber Elite
Cyber Elite

@theonewhoknocks ,

To expand on the correct answer of @OGMaverick; the firewall can't actually identify any of the more specific app-ids unless it can actually inspect the full traffic via decryption. Without decryption, the app-id process is really "best-effort" practice and you'll miss out on the finer controls that you would have had access to if decrypting the traffic. 

If we decrypt O365 traffic, can it "see" the file names of the files being transmitted? Right now we are using an Exchange solution, that even if the traffic is decrypted, the firewall cannot "see" the files, so in the monitor there is no indication that a file was attached to an email, that would be something we would like to implement.

  • 1 accepted solution
  • 8495 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!