1. Home
    2. Prisma
    3. Prisma Access
    4. Prisma Access (Cloud Management)
    5. Mobile Users
    6. App-Based Office 365 Integration with Explicit Proxy

    App-Based Office 365 Integration with Explicit Proxy

    Prisma Access Explicit Proxy supports the browser-based and app-based version of Office 365 (M365), including Office Online (office.com). Web-based (browser-based) Office 365 is supported with no additional configuration required on Explicit Proxy; to use app-based version of Office 365, complete the following steps.
    1. Visit the EDL Hosting Service and identify the Feed URL for your SaaS application.
      Review the Microsoft 365 documentation for more information which Feed URL is best for your use case. Additionally, consider the SaaS application and location of users accessing the SaaS application when identifying a Feed URL to use. For example, if you have a branch in Germany that only needs to access Exchange Online, select a Feed URL from the
      Service Area: Exchange Online
       for
      Germany
      .
    2. (
      Best Practices
      ) Create a certificate profile to authenticate the EDL Hosting Service.
      3. Import the GlobalSign Root R1 certificate from Cloud Managed Prisma Access.
        1. In Cloud Managed Prisma Access, go to
          Manage
          Configuration
          Objects
          Certificate Management
          , set the scope to
          Explicit Proxy
          , and
          Import
           a new certificate.
        2. Enter a descriptive
          Certificate Name
          .
        3. For the
          Certificate File
          , select
          Choose File
           and select the certificate you converted in the previous step.
        4. For the file
          Format
          , select
          Base64 Encoded Certificate (PEM)
          .
        5. Save
           your changes.
      4. Create a certificate authority (CA) certificate profile.
        1. Add Profile
           in the
          Certificate Profiles
           area.
        2. Enter a descriptive
          Name
          .
        3. For the
          CA Certificate
          ,
          Add
           the certificate you imported in the previous step.
        4. Save
           your changes.
    3. Create an EDL using a Feed URL from the EDL Hosting Service.
      1. Go to
        Manage
        Configuration
        Objects
        External Dynamic Lists
         and
        Add External Dynamic List
        , making sure that the scope is still set to
        Explicit Proxy
        .
      2. Enter a descriptive
        Name
         for the EDL.
      3. Select a
        Type
         of
        URL List
        .
      4. (
        Optional
        ) Enter a
        Description for the EDL
      5. Enter the Feed URL as the EDL
        Source
        .
        Enforce all endpoints within a specific Feed URL. Adding an excluding a specific endpoint from a Feed URL can cause connectivity issues to the SaaS application.
      6. (
        Best Practices
        ) Select the
        Certificate Profile
         you created in the previous step.
      7. Specify the frequency the firewall should
        Check for updates
         to match the update frequency of the Feed URL.
        For example, if the Feed URL is updated daily by Palo Alto Networks then configure the EDL to check for updates
        Daily
        .
        Palo Alto Networks displays the update frequency for each Feed URL in the EDL Hosting Service. Feed URLs are automatically updated with any new endpoints.
      8. Save
         your changes.
    4. Add a decryption policy to prevent decryption for the EDL Feed URLs.
      1. Select
        Manage
        Configuration
        Decryption
        , set the scope to
        Explicit Proxy
        , and
        Add Rule
        .
      2. Enter a descriptive
        Name
         for the policy.
      3. In the
        Services and URLs
         area,
        Add External Dynamic Lists
         and specify the EDL you created in an earlier step.
      4. Select an
        Action and Advanced Inspection
         of
        Do Not Decrypt
        .
    5. Add a security policy rule to allow traffic from the EDL Feed URLs.
      1. Select
        Manage
        Configuration
        Decryption
        , making sure that the scope is set to
        Explicit Proxy
        , and
        Add Rule
        .
      2. Enter a descriptive
        Name
         for the policy.
      3. In the
        URL Category Entities
         area,
        Add External Dynamic Lists
         and specify the EDL you created in an earlier step.
      4. Select an
        Action and Advanced Inspection
         of
        Allow
        .
    6. Push Config
       to save your changes to Prisma Access.

    List of URLs to Enable Office 365 Integration with Prisma Access Explicit Proxy

    One option you can use to integrate non-browser Office 365 apps with Explicit Proxy is to specify the Office 365-related URLs and bypass those URLs in the Explicit Proxy PAC file. Use one of the following methods to obtain the list of URLs to bypass:

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo