04-20-2022 05:48 AM
Hi,
Have two separate issues, but think they are connected by lack of firewall rule somewhere, cannot locate what I am missing though.
Issue1:
When I try to use SHARE button inside desktop version of Word/Excel/PowerPoint to share document, cannot see anyone in drop down, cannot search for any users and in general it's not populating. I don't have that problem when trying to share document that is saved in any online location - all employees showing in 'share with' window.
Issue 2:
I cannot connect to any of my PowerBI datasets located online from any desktop Excel. That is true for any user, on any computer, on any VLAN I have. When I select Get Data/from PowerBI, only thing that I can see is grey column with spinning wheel.
When users attempt to connect to same datasets from non-corporate devices, they can just fine.
We have converged Palo environment: GlobalProtect, VPN portals, Cortex, on-prem Palo firewalls.
I am very new to Palo firewalls, just been on PAN-210 training course few days ago, so understand building blocks of security rules, but this is 'art' part of knowledge and I am not there yet.
Anyone had similar issue and can lead me to an app, service, combination of both that is responsible for communication with MS online resources from within Office apps?
Our Outlook and SharePoint online portals work perfectly fine, can get mails and access Intranet website without issue.
Regards
Robert
04-20-2022 10:14 AM
Do you decrypt outbound traffic on your network? Have you enabled logging on the interzone-default security entry so that uncaught denied traffic is actually being recorded in the traffic logs?
04-20-2022 01:03 PM
Similar issue that started today. My Office 365 would not complete MFA and it was because my firewall thought the dest IP was in China and was blocking the traffic. I have tried rolling back Applications and threats but that hasn't changed anything. I ended up disabling the geo rule until it gets patched.
04-20-2022 01:23 PM
We are currently tracking an issue with this. Content update 8559 is causing outages, as geo-ip data is showing incorrect mappings. TAC is currently working on an advisory to customers, but there are Microsoft services and OpenDNS resolvers in the problematic subnets:
13.107.202.0-13.107.255.255
52.127.91.0-52.127.93.255
146.75.32.0-146.75.47.255
168.63.129.16-168.63.129.31
142.250.176.0-142.250.183.255
208.67.220.0-208.67.220.255
Please follow these instructions to revert below 8559 and see if that fixes your issue.
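A triage check for the ranges listed in the post above, as an added example that is not part of the original thread: it filters exported traffic-log rows for denied sessions whose destination falls inside one of those ranges. The CSV column names, rule names and sample rows are constructed for illustration and are not the PAN-OS log export schema.

```python
import csv
import io
import ipaddress

# Ranges quoted in the post above (start-end, inclusive).
AFFECTED_RANGES = [
    ("13.107.202.0", "13.107.255.255"),
    ("52.127.91.0", "52.127.93.255"),
    ("146.75.32.0", "146.75.47.255"),
    ("168.63.129.16", "168.63.129.31"),
    ("142.250.176.0", "142.250.183.255"),
    ("208.67.220.0", "208.67.220.255"),
]
_RANGES = [(int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(b)))
           for a, b in AFFECTED_RANGES]

def in_affected_range(ip):
    """True if ip is an IPv4 address inside one of the listed ranges."""
    try:
        n = int(ipaddress.IPv4Address(ip.strip()))
    except ValueError:  # malformed or non-IPv4 value in the log
        return False
    return any(lo <= n <= hi for lo, hi in _RANGES)

def suspect_denies(csv_text):
    """Return (rule, dst, dst_country) for denied rows hitting an affected range."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["action"].lower() in ("deny", "drop") and in_affected_range(row["dst"]):
            hits.append((row["rule"], row["dst"], row["dst_country"]))
    return hits

# Constructed sample export; column and rule names are hypothetical.
SAMPLE = """src,dst,rule,action,dst_country
10.1.20.15,13.107.246.40,Block-Geo,deny,CN
10.1.20.15,52.96.10.2,Allow-O365,allow,US
10.1.30.7,208.67.220.220,Block-Geo,drop,CN
10.1.30.7,203.0.113.9,Block-Geo,deny,CN
10.1.40.3,168.63.129.32,interzone-default,deny,US
"""

if __name__ == "__main__":
    for rule, dst, country in suspect_denies(SAMPLE):
        print(f"{dst} denied by {rule} (mapped to {country}): check geo-IP content version")
```

Rows that match are candidates for the geo-IP mismapping rather than a missing allow rule; denies outside the listed ranges still need the usual rule-by-rule review.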
04-22-2022 06:31 AM - edited 04-22-2022 06:34 AM
Hi,
Still getting my head around Panorama's 'pre' and 'post' rules,
We do have decrypt rule on outgoing traffic and we do have catch rule with logging enabled.
Any specific events I should look for?
Edit:
Just found we also have 'don't decrypt O365 traffic rule' in other part of Panorama, so back to beginnings. Any key terms I should look for in logs..?