Office 365 URL Filter

cancel
Showing results for 
Search instead for 
Did you mean: 

Office 365 URL Filter

L1 Bithead

Hi,

 

New to Palo Alto so might be an easy solution. Im trying to set up URL filtering to allow Office 365. Ive test the object and policy with other websites such as bbc.co.uk and sky.com so i know my policy works, however, when i add the office 365 URLs from https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-world...it doesnt seem to work. Any ideas are welcomed

8 REPLIES 8

Cyber Elite
Cyber Elite

Hi @thomas.rogers104 

Did you add the urls to a custom url category which you then use in an url filteringnprofile or directly to a security policy rule?

What exactly does not work? Are the connections blocked to office365? Isn't the traffic using the rule you think it should (the one where you use the office365 urls)? Or does it show some ither errors / problems?

Hi @vsys_remo ,

I added the URLs from the Microsoft website to a custom URL category and then used in a URL filtering profile which i assigned to a policy. The problem seems to be that whenever it goes to login to Office 365 the site is still blocked. My aim is to deny all internet traffic apart from specific sites such as O365. 

I know the rule works for other addresses such as bbc.co.uk but doesnt work while authenticating with O365

 

Hi @thomas.rogers104 

Did you add all the urls from that url in your first post in this topic? Including login.microsoftonline.com (which probably is the most important one for the login)?

Hi @vsys_remo ,

yeah ive got that in there

thomasrogers104_0-1628678808481.png

when i go to enter that URL it gets blocked

When you check the logs for this connection, does it hit the security policy rule where you added the custom url category?

When i monitor it i see it attempting to get to 'ms-office365-base' application but its ended with policy-deny

And you did allow this application in the policy? If yes, then I would change your setup a little bit - at least for troubleshooting.

  • In your existing rule add the custom URL category directly to it instead of the url filtering profile. As URL filtering profile you add temporary one that has everything set to alert.
  • Create a second rule where you configure again the alert-all URL filtering profile and do not specify an URL category directly in that rule

This way I assume the access will work and you will see in the URL logs which URLs are missing in your custom category.

I think ive got it sorted now. added ms-office365 to the applications on the rule and its allowing it through now. Thanks for your help @vsys_remo , much appreciated.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!