Hei, We recently moved over to a full O365 solution and I am trying to customise the ruleset to Allow for O365 traffic when all other traffic is blocked.   Unfortunately I have hit a wall and cannot seem to get the application to be allowed. I am hoping one of you can point out what I have done wrong and how to correct it.   I have used Addresses (with FQDN) and Address Groups where I have defined all the sites that MS states are required. List is here: Office 365 URLs and IPs [Ideally I'd avoid using IPs as these are subject to change. 😉 ] I then changed the top level policy to allow for the Address Group. In testing, the client pc is able to start Office and receives the login screen but no login is able to complete. In the Monitor of PAN it details Destination as an IP and Application as "not-applicable"   I have also tried using the predefined Application setting (ms-office365), but then on the client pc it does not even resolve to the login screen, just displaying a bland "Unable to connect" pop-up.   Thanks in advance for any advice!     Details:     ... View more