SSL Decryption for Office 365 and Sharepoint

L4 Transporter

We want one user to access SharePoint, and SharePoint only, via the internet; everything is to be locked down.

 

We have gone through the KB below.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTDCA0

 

It says to enable SSL Decryption. Do we need any certificate or Decryption Profile setup for this? Or is the following setup good enough?

 

SampleScreenshot.jpg

 


Accepted Solutions
L4 Transporter

Just want to let all know that following the documentation did not work.

 

Our client followed the steps below to allow one user to access SharePoint, and SharePoint only, via the internet while everything is locked down.

 

Objects > URL Category and created a new URL Category called SharePoint Online with all the URLs required for access to SharePoint Online.

 

Objects > URL Filtering and created a new URL Filter. All categories turned off except SharePoint Online and content-delivery-networks. Additionally:

    URL Filtering Settings > Turn on > Log Container Page Only, User-Agent, Referer and X-Forwarded-For

    User Credentials Detection > Use IP User Mapping and set Valid Username Detected Log Severity to HIGH

    HTTP Header Insertion > Create new called Office365

        Type > Microsoft Office365 Tenant Restrictions

        Headers > add Tenant ID to Value field for Restrict-Access-To-Tenants and Restrict-Access-Context

Now we create the rule in Policies

    Application > any

    Service/URL Category > any

    Actions > URL Filtering > the name of the filter you created above.

These steps assured me that this user only has access to SharePoint Online via SSO and that the user could not access any other material online.

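One way to check that sign-in requests actually carry the two headers the Office365 header-insertion entry above is meant to add. This is an added example, not part of the original post or of Palo Alto's tooling; it assumes you can obtain the request head as it looks after header insertion (for example at a lab test endpoint), the sign-in host list is taken from Microsoft's tenant restrictions documentation rather than from this thread, and the tenant ID, hostnames and sample requests are constructed placeholders.

```python
import re

# Sign-in hosts from Microsoft's tenant restrictions documentation (assumption, not on the page)
LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.windows.net"}
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
TENANT = "00000000-0000-0000-0000-000000000000"  # constructed placeholder tenant ID

def parse_headers(raw):
    """Map lower-cased header names to the list of values seen in a raw request head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit_request(raw, tenant_id):
    """Return findings for one request; an empty list means nothing to report."""
    h = parse_headers(raw)
    host = h.get("host", [""])[0].split(":")[0].lower()
    if host not in LOGIN_HOSTS:
        return []  # tenant restriction headers are only expected on sign-in hosts
    findings = []
    tenants = h.get("restrict-access-to-tenants", [])
    context = h.get("restrict-access-context", [])
    if len(tenants) != 1:  # absent, or duplicated so the effective value is ambiguous
        findings.append(f"Restrict-Access-To-Tenants appears {len(tenants)} times, expected 1")
    elif tenant_id.lower() not in [t.strip().lower() for t in tenants[0].split(",")]:
        findings.append("expected tenant is not listed in Restrict-Access-To-Tenants")
    if len(context) != 1:
        findings.append(f"Restrict-Access-Context appears {len(context)} times, expected 1")
    elif not GUID.match(context[0]):
        findings.append("Restrict-Access-Context is not a GUID")
    return findings

def request(host, extra=()):
    """Build a constructed sample request head."""
    return "\r\n".join(["GET / HTTP/1.1", f"Host: {host}", *extra, "", ""])

SAMPLES = {  # constructed inputs, not captured traffic
    "ok": request("login.microsoftonline.com", [f"Restrict-Access-To-Tenants: {TENANT}", f"Restrict-Access-Context: {TENANT}"]),
    "not inserted": request("login.microsoftonline.com"),
    "wrong tenant": request("login.windows.net", ["Restrict-Access-To-Tenants: other.example", f"Restrict-Access-Context: {TENANT}"]),
    "other host": request("contoso.sharepoint.com"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", audit_request(raw, TENANT) or "pass")
```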


All Replies
Cyber Elite

@FarzanaMustafa,

You'll need to actually configure decryption to get this to work, as your policy doesn't even include a decryption profile. More information can be found on how to do so HERE

Cyber Elite

Hello,

Also, O365 and SharePoint don't like to be decrypted :(. I recommend you bypass these for decryption policies.

 

Regards,
