We have managed to do this by creating FQDN's for the Microsoft email servers and also a custom URL category.How we have achieved this is with 2 security rules. First Security Rule: which allows users to the Microsoft email domains (FQDNs) on specific applications Second Security Rule: allows users to a specific custom url group (blacked out is the custom URL group we used for our customer) . You should observe traffic of users who generate only this traffic to fully understand if you are missing a service, port, server (FQDN), and or URL. (This took one of co-workers a good amount of time to wrap a fence around it)
... View more