>
    Microsoft 365
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Cloud Manager
    3. Manage: NGFW and Prisma Access
    4. Manage: Objects
    5. Manage: SaaS Application Management
    6. Microsoft 365
    Download PDF
    Strata Cloud Manager

    Microsoft 365

    Table of Contents

    Microsoft 365

    Prisma Access gives you simple, centralized management for your SaaS applications, including Microsoft 365 apps.
    Prisma Access gives you simple, centralized management for your SaaS applications, including Microsoft 365 apps.

    Easy M365 Enablement

    Built-in security and decryption rules, as well as a guided walkthrough, mean you can safely enable M365 in just a few clicks.
    • Built-in security rules allow M365 apps, and ensure that they connect only to Microsoft endpoints
    • Built-in decryption rules skip decryption for traffic destined to Microsoft-categorized Optimize endpoints (this is Microsoft’s recommendation)
    • The guided walkthrough will get you up and running with M365 in two steps.

    M365 for Enterprise Use

    Safely enable your Microsoft apps for enterprise use by:
    To manage Microsoft 365 usage, go to ManageConfigurationNGFW and Prisma Access. Select Prisma Access configuration scope, go to ObjectsSaaS App Management and edit Microsoft 365 settings.

    Microsoft 365 Endpoint Lists

    Microsoft publishes lists of the IP addresses and URL endpoints their SaaS applications use, and frequently updates these lists.
    Palo Alto Networks hosts these lists for you, and from within Prisma Access, you can subscribe to the lists that are relevant to you (including optional and required lists). You can use the lists you’re subscribe to in policy. As Microsoft refreshes their endpoint lists, your policy dynamically enforces the latest version of the list; there’s no need for you to monitor list changes or make manual policy updates to catch the latest updates.
    1. Subscribe to an endpoint list
      1. Edit Microsoft 365 settings and go to Endpoint Lists.
      2. Select Customize Subscription and choose the endpoint lists you want to subscribe to, based on the services you’re using and the list type (IPv4, IPv6, or URL).
    2. Add the endpoint list to a security policy rule
      Your subscribed lists are available for you to use as match criteria in a security policy rule.
      1. Go to ManageConfigurationNGFW and Prisma AccessSecurity ServicesSecurity Policy and add or edit a rule.
      2. Add SaaS Application Endpoint lists as match criteria for the rule.

    Microsoft 365 Tenant Restrictions

    Tenant restrictions give you a way limit app usage to enterprise accounts (stop users from accessing their personal Microsoft accounts on the company network). To put tenant restrictions in place:
    Specify the Microsoft 365 tenants to which you want to allow access.
    1. Specify the Microsoft 365 domains and tenants to which you want to allow access.
    2. Add the tenant restrictions to a security policy rule.
      While you can add tenant restrictions to a security policy rule directly from the Microsoft 365 settings here, any tenant restrictions you’ve configured can also be easily added to new and existing security policy rules:

    © 2024 Palo Alto Networks, Inc. All rights reserved.