Restrict Microsoft365 tenant

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Restrict Microsoft365 tenant

L0 Member



To restrict access to specified Microsoft 365 tenant (allow company M365 tenant only), I have tired to follow below link for configuration.

Using HTTP Header Insertion For Sanctioned Access To Office365 ... - Knowledge Base - Palo Alto Netw...


But it's didn't work. Users still available to logon with personal M365 account.


Since URL including below only, is it the root cause ?





I also tried to use External Dynamic Lists "", but user then couldn't be access / browsing all Microsoft webpage.


External Dynamic List is provided by PaloAlto EDL Hosting Service (


Secondly, refer to Decryption log, I found error Received fatal alert CertificateUnknown from client. CA Issuer URL (truncated):


Furthermore, URL filtering license expired is showed in URL filtering, is it impact to configuration?



May I know what's the best practice to achieve it ?



Cyber Elite
Cyber Elite


I'm facing a similar issue and havent had a chance to look into it. I'll post when I find something.


  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!