Office 365 App-ID

Reply
Manu_Shankar
L1 Bithead

Office 365 App-ID

Hi, 

 

We are in the process of implementing office 365. May I know what is the correct APP-ID for the below services? Please share if there is any best practice document for this. 

 

Microsoft Stream
Audio Conferencing
My Analytics
Azure Active Directory
Azure Information Protection
Privileged Access Management
Privileged Identity Management
Management and security
Advanced Security Management
Intune (MDM)
Microsoft 365 Cloud App Security
Advanced Threat Protection

 

Thanks,

Manu


Accepted Solutions
SteveCantwell
Cyber Elite

Hello there

 

This is somewhat of a loaded gun type of question.

There are 3360 apps known to the FW.

 

The list you described are general "umbrella" type traffic, that could hit many of the apps IDs.

Microsoft streaming and Office365 are two, somewhat overlapping but also disparate traffic patterns.

 

What you should do, is only allow traffic from the inside of your network, to the known O365 IPs (or use FQDN address object) and allow "any" application on the "application default" ports.

 

Now, because the traffic can only goto approved O365 addresses, the FW will see what the apps are, and then tell you (looking at logs, using the Apps Detected columns in 9.0 and higher) to tell you what apps are seen.

 

You can then allow these apps, or refine them to only what you needed.

 

I apologize for the general overview, but your question cannot really be answered in specifics.

 

Help the community: Like helpful comments and mark solutions

View solution in original post


All Replies
SteveCantwell
Cyber Elite

Hello there

 

This is somewhat of a loaded gun type of question.

There are 3360 apps known to the FW.

 

The list you described are general "umbrella" type traffic, that could hit many of the apps IDs.

Microsoft streaming and Office365 are two, somewhat overlapping but also disparate traffic patterns.

 

What you should do, is only allow traffic from the inside of your network, to the known O365 IPs (or use FQDN address object) and allow "any" application on the "application default" ports.

 

Now, because the traffic can only goto approved O365 addresses, the FW will see what the apps are, and then tell you (looking at logs, using the Apps Detected columns in 9.0 and higher) to tell you what apps are seen.

 

You can then allow these apps, or refine them to only what you needed.

 

I apologize for the general overview, but your question cannot really be answered in specifics.

 

Help the community: Like helpful comments and mark solutions

View solution in original post

Manu_Shankar
L1 Bithead

@SteveCantwell , thank you. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!