O365 sub-applications

L2 Linker

O365 sub-applications

Currently, our palo alto only detects the following O365 applications

*ms-office365

*outlook-web-online

*sharepoint-online

*ms-office365-base

*ms-teams

*ms-lync-online

 

Do we need to enable SSL decryption so that it can detect other sub-applications? (ms-downloading, ms-uploading, ms-posting, etc.)

Tags (2)
L3 Networker

Re: O365 sub-applications

Yes

Highlighted
L7 Applicator

Re: O365 sub-applications

@theonewhoknocks ,

To expand on the correct answer of @OGMaverick; the firewall can't actually identify any of the more specific app-ids unless it can actually inspect the full traffic via decryption. Without decryption, the app-id process is really "best-effort" practice and you'll miss out on the finer controls that you would have had access to if decrypting the traffic. 

Re: O365 sub-applications

If we decrypt O365 traffic, can it "see" the file names of the files being transmitted? Right now we are using an Exchange solution, that even if the traffic is decrypted, the firewall cannot "see" the files, so in the monitor there is no indication that a file was attached to an email, that would be something we would like to implement.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!