O365 sub-applications

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L3 Networker

O365 sub-applications

Currently, our palo alto only detects the following O365 applications

*ms-office365

*outlook-web-online

*sharepoint-online

*ms-office365-base

*ms-teams

*ms-lync-online

 

Do we need to enable SSL decryption so that it can detect other sub-applications? (ms-downloading, ms-uploading, ms-posting, etc.)

Tags (2)

Accepted Solutions
Highlighted
Cyber Elite

@theonewhoknocks ,

To expand on the correct answer of @OGMaverick; the firewall can't actually identify any of the more specific app-ids unless it can actually inspect the full traffic via decryption. Without decryption, the app-id process is really "best-effort" practice and you'll miss out on the finer controls that you would have had access to if decrypting the traffic. 

View solution in original post


All Replies
Highlighted
L3 Networker

Yes

Highlighted
Cyber Elite

@theonewhoknocks ,

To expand on the correct answer of @OGMaverick; the firewall can't actually identify any of the more specific app-ids unless it can actually inspect the full traffic via decryption. Without decryption, the app-id process is really "best-effort" practice and you'll miss out on the finer controls that you would have had access to if decrypting the traffic. 

View solution in original post

Highlighted

If we decrypt O365 traffic, can it "see" the file names of the files being transmitted? Right now we are using an Exchange solution, that even if the traffic is decrypted, the firewall cannot "see" the files, so in the monitor there is no indication that a file was attached to an email, that would be something we would like to implement.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!