Microsoft publishes lists of the IP addresses
and URL endpoints their SaaS applications use, and frequently updates
Palo Alto Networks hosts these lists for you,
and from within Prisma Access, you can subscribe to the lists that
are relevant to you (including optional and required lists). You
can use the lists you’re subscribed to in policy. As Microsoft refreshes
their endpoint lists, your policy dynamically enforces the latest
version of the list; there’s no need for you to monitor list changes
or make manual policy updates to catch the latest updates.
Subscribe to an endpoint list
Edit Microsoft 365 settings and go to
and choose the
endpoint lists you want to subscribe to, based on the services
you’re using and the list type (IPv4, IPv6, or URL).
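To review what a refresh of these lists changes, the following added example (not Palo Alto Networks or Microsoft code) groups endpoint records into per-service, required/optional, IPv4/IPv6/URL lists and diffs two versions. It assumes the field names of Microsoft's published endpoint JSON (`id`, `serviceArea`, `required`, `urls`, `ips`); the sample records are constructed, and the grouping mirrors the list choices described above rather than how Prisma Access builds its hosted lists.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not real Microsoft data).
OLD = [
    {"id": 1, "serviceArea": "Exchange", "required": True,
     "urls": ["Mail.example.test"], "ips": ["192.0.2.0/24", "2001:db8:1::/48"]},
    {"id": 2, "serviceArea": "Exchange", "required": False,
     "urls": ["*.optional.example.test"]},
]
NEW = [  # constructed "next refresh": one range added, one dropped, one malformed
    {"id": 1, "serviceArea": "Exchange", "required": True,
     "urls": ["mail.example.test"],
     "ips": ["192.0.2.0/24", "198.51.100.0/25", "not-a-cidr"]},
    OLD[1],
]


def build_lists(endpoint_sets):
    """Group entries into lists keyed by (service, required/optional, type)."""
    lists, rejected = defaultdict(set), []
    for es in endpoint_sets:
        scope = "required" if es.get("required") else "optional"
        for url in es.get("urls", []):
            lists[(es["serviceArea"], scope, "URL")].add(url.lower())
        for cidr in es.get("ips", []):
            try:
                net = ipaddress.ip_network(cidr)  # strict: host bits must be zero
            except ValueError:
                rejected.append((es.get("id"), cidr))  # report it, never allow it
                continue
            lists[(es["serviceArea"], scope, f"IPv{net.version}")].add(str(net))
    return dict(lists), rejected


def diff_lists(old, new):
    """Per-list additions and removals between two refreshes."""
    changes = {}
    for key in sorted(set(old) | set(new)):
        added = sorted(new.get(key, set()) - old.get(key, set()))
        removed = sorted(old.get(key, set()) - new.get(key, set()))
        if added or removed:
            changes[key] = {"added": added, "removed": removed}
    return changes


if __name__ == "__main__":
    (old, _), (new, bad) = build_lists(OLD), build_lists(NEW)
    print(diff_lists(old, new), bad)
```

Because policy follows the list automatically, a diff like this is mainly useful as an audit record of which ranges entered or left an allow rule.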
Add the endpoint list to a security policy rule
Your subscribed lists are available for you to use as match
criteria in a security policy rule.
NGFW and Prisma Access
and add or edit a rule.
SaaS Application Endpoint
match criteria for the rule.
Microsoft 365 Tenant Restrictions
Tenant restrictions give you a way to limit app
usage to enterprise accounts (stop users from accessing their personal
Microsoft accounts on the company network). To put tenant restrictions
Specify the Microsoft 365 tenants to which you want
to allow access.
Specify the Microsoft 365 domains and tenants
to which you want to allow access.
Add the tenant restrictions to a security policy rule.
While you can add tenant restrictions to a security policy
rule directly from the Microsoft 365 settings here, any tenant restrictions
you’ve configured can also be easily added to new and existing security