11-24-2020 02:47 AM
Hi,
We are in the process of implementing Office 365. May I know what is the correct App-ID for the below services? Please share if there is any best practice document for this.
Microsoft Stream
Audio Conferencing
My Analytics
Azure Active Directory
Azure Information Protection
Privileged Access Management
Privileged Identity Management
Management and security
Advanced Security Management
Intune (MDM)
Microsoft 365 Cloud App Security
Advanced Threat Protection
Thanks,
Manu
11-30-2020 06:26 PM
Hello there
This is somewhat of a loaded gun type of question.
There are 3360 apps known to the FW.
The list you described is general "umbrella" type traffic that could hit many of the App-IDs.
Microsoft streaming and Office365 are two somewhat overlapping but also disparate traffic patterns.
What you should do is only allow traffic from the inside of your network to the known O365 IPs (or use an FQDN address object) and allow "any" application on the "application default" ports.
Now, because the traffic can only go to approved O365 addresses, the FW will see what the apps are and then tell you (looking at the logs, using the Apps Detected columns in 9.0 and higher) what apps are seen.
You can then allow these apps, or refine them to only what you need.
I apologize for the general overview, but your question cannot really be answered in specifics.
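The log-review step described in the reply above can be scripted. The following is an added example, not part of the original thread or any vendor tooling: it summarizes which applications a temporary discovery rule matched in an exported traffic log, and separates specific App-IDs from generic ones that need a closer look before they go into an allow list. The CSV column names, the rule name `o365-discovery` and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; column names and rule name are assumptions.
SAMPLE_CSV = """Rule,Application,Destination address,Destination Port,Bytes
o365-discovery,ms-office365-base,198.51.100.10,443,48211
o365-discovery,ssl,198.51.100.11,443,9120
o365-discovery,ms-teams,198.51.100.12,443,150332
o365-discovery,ms-office365-base,198.51.100.10,443,2200
o365-discovery,web-browsing,198.51.100.13,80,640
allow-dns,dns,203.0.113.53,53,120
o365-discovery,ms-teams,198.51.100.14,3478,77000
"""

# Generic or unidentified applications: seeing these means the firewall did
# not resolve the session to a specific app, so review before allowing them.
GENERIC = {"ssl", "web-browsing", "unknown-tcp", "unknown-udp",
           "incomplete", "insufficient-data", "not-applicable"}


def summarize_apps(csv_text, rule_name):
    """Aggregate sessions, bytes and destination ports per application
    for log rows that matched the given rule."""
    stats = defaultdict(lambda: {"sessions": 0, "bytes": 0, "ports": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Rule"] != rule_name:
            continue  # ignore traffic matched by other rules
        entry = stats[row["Application"]]
        entry["sessions"] += 1
        entry["bytes"] += int(row["Bytes"])
        entry["ports"].add(int(row["Destination Port"]))
    return dict(stats)


def split_candidates(stats):
    """Return (specific apps to consider allowing, generic apps to review)."""
    specific = sorted(app for app in stats if app not in GENERIC)
    review = sorted(app for app in stats if app in GENERIC)
    return specific, review


if __name__ == "__main__":
    stats = summarize_apps(SAMPLE_CSV, "o365-discovery")
    allow, review = split_candidates(stats)
    for app in allow + review:
        s = stats[app]
        tag = "REVIEW" if app in GENERIC else "candidate"
        print(f"{app:20} {tag:10} sessions={s['sessions']} "
              f"bytes={s['bytes']} ports={sorted(s['ports'])}")
```
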
12-02-2020 12:28 AM
@S.Cantwell, thank you.