12-29-2025 03:42 AM - edited 12-29-2025 04:03 AM
Hello team,
Today, I had problems connecting Outlook 2019 to Exchange Online. After analyzing: it turned out that my PA suddenly started dropping the Mapi-over-http application, which it didn't need previously. What could be causing this behavior?
12-30-2025 05:19 PM
Hi @mariusz.rendaszka ,
When something that's been working suddenly starts getting dropped/blocked, Id recommend looking at the traffic logs. What does the actual session-end reason show? Also, which security policy was it previously hitting? & what is it doing now? (is it not hitting a policy and hitting your deny rule?) Reviewing these will help us determine the root cause and help narrow down whether this is a policy matching/ security profile enforcement/App-ID behavior change issue.
12-31-2025 02:16 AM
Hi @JayGolf
Previously, Outlook traffic was under SSL and WebBrowsing rules, and now under mapi-over-http, which was previously not in the logs. Nothing was changed in the PA rules.
12-31-2025 11:36 AM
Gotcha, that makes sense. App-ID can dynamically reclassify traffic as it gains more context, and in this case it’s being identified as mapi-over-http. App-ID behavior can also change as part of regular content updates, even when no policy changes are made.
At this point, you've reviewed the traffic logs to confirm how the session is now being identified. You can either add the mapi-over-http app to the appropriate outbound security policy or create a small, explicit rule for this traffic (or related Windows traffic) so it’s handled intentionally.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
