Hello all, I'm trying to fine tune a security policy to allow MS-Teams to update; based on what I can see the logs, it seems to contact statics.teams.cdn.office.net for the update. I have created a single policy with that destination as a FQDN, allowing the usual ports and applications. However, the rule is never hit, it skips over it and hits a deny rule. When I check the URL Filtering logs, it does indeed show that it hits statics.teams.cdn.office.net but the destination IP is completely different than any ping, nslookup, PAN resolve, etc... to that FQDN and I can't figure out why the IP doesn't match what returns for that FQDN. Does anyone have any experience with something similar or even a better way that I might be able to allow Teams to update through the application itself? Thank you.
... View more