10-01-2019 10:14 PM
We want one user to access SharePoint and SharePoint only via the internet; everything is to be locked down.
We have gone through the KB below.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTDCA0
It says to enable SSL Decryption. Do we need any certificate or Decryption Profile setup for this? Or is the following setup good enough?
10-02-2019 10:54 AM
You'll need to actually configure decryption to get this to work, as your policy doesn't even include a decryption profile. More information can be found on how to do so HERE
10-02-2019 11:41 AM
Hello,
Also, O365 and SharePoint don't like to be decrypted :(. I recommend you bypass these for decryption policies.
Regards,
10-08-2019 09:36 PM
Just want to let all know that following the documentation did not work.
Our client followed the steps below to allow one user to access SharePoint and SharePoint only via the internet while everything is locked down.
Objects > URL Category and created a new URL Category called SharePoint Online with all the URLs required for access to SharePoint Online.
Objects > URL Filtering and created a new URL Filter. All categories turned off except SharePoint Online and content-delivery-networks. Additionally:
URL Filtering Settings > Turn on > Log Container Page Only, User-Agent, Referer and X-Forwarded-For
User Credentials Detection > Use IP User Mapping and set Valid Username Detected Log Severity to HIGH
HTTP Header Insertion > Create new called Office365
Type > Microsoft Office365 Tenant Restrictions
Headers > add Tenant ID to Value field for Restrict-Access-To-Tenants and Restrict-Access-Context
Now we create the rule in Policies
Application > any
Service/URL Category > any
Actions > URL Filtering > the name of the filter you created above.
These steps assured me that this user only has access to SharePoint Online via SSO and that the user could not access any other material online.
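
One way to confirm that the HTTP Header Insertion step in the post above is taking effect, as an added example (not code from the thread or from Palo Alto Networks): the script checks a plaintext copy of a request, captured after the firewall, for the two tenant restriction headers. The capture point, the sample requests and the tenant ID are constructed assumptions; the three sign-in hosts are the ones Microsoft documents for tenant restrictions.

```python
import re

# Azure AD sign-in hosts on which Microsoft evaluates tenant restrictions.
LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.windows.net"}
TENANTS_HDR, CONTEXT_HDR = "restrict-access-to-tenants", "restrict-access-context"
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def parse_headers(raw_request):
    """Map lower-cased header name -> list of values for one raw HTTP request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def check_tenant_restrictions(raw_request, tenant_id):
    """Return a list of problems for one request; an empty list means it passes."""
    headers = parse_headers(raw_request)
    host = headers.get("host", [""])[0].split(":")[0].lower()
    if host not in LOGIN_HOSTS:
        return []                                   # only sign-in hosts carry the headers
    problems, want = [], tenant_id.lower()
    for name in (TENANTS_HDR, CONTEXT_HDR):
        count = len(headers.get(name, []))
        if count != 1:                              # missing, or inserted more than once
            problems.append(f"{name}: expected 1 header, found {count}")
    tenants = [t.strip().lower() for v in headers.get(TENANTS_HDR, [])
               for t in v.split(",") if t.strip()]
    if tenants and want not in tenants:
        problems.append(f"{TENANTS_HDR}: {tenant_id} not listed")
    extra = [t for t in tenants if t != want]
    if extra:                                       # any other tenant widens access
        problems.append(f"{TENANTS_HDR}: additional tenants permitted: {extra}")
    for ctx in headers.get(CONTEXT_HDR, []):
        if not GUID.fullmatch(ctx) or ctx.lower() != want:
            problems.append(f"{CONTEXT_HDR}: {ctx!r} is not the expected directory ID")
    return problems

# Constructed sample requests and tenant ID (not taken from the thread).
TENANT = "11111111-2222-3333-4444-555555555555"
GOOD = ("GET /common/oauth2/authorize HTTP/1.1\r\nHost: login.microsoftonline.com\r\n"
        f"Restrict-Access-To-Tenants: {TENANT}\r\nRestrict-Access-Context: {TENANT}\r\n\r\n")
NO_HEADERS = "GET /common/oauth2/authorize HTTP/1.1\r\nHost: login.microsoftonline.com\r\n\r\n"
WIDE = GOOD.replace(f"Tenants: {TENANT}", f"Tenants: {TENANT}, contoso.example")

if __name__ == "__main__":
    for label, req in (("good", GOOD), ("no headers", NO_HEADERS), ("wide", WIDE)):
        print(label, check_tenant_restrictions(req, TENANT) or "OK")
```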