This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vladimir
Champion
Champion
‎2019-05-02 06:40 PM

How to deal with Microsoft's Office 365 ATP Outlook issues?

Microsoft, in their infinite wisdom, decided to prefix all links in Outlook 365 for Enterprise with ATP with:

https://nam04.safelinks.protection.outlook.com and pass the actual URLs as parameters for inspection.

Since client has a "No Wbmail" rule in their APPC/URLF, preceded by "Office 365 Enterprise" permit, this causing all the links with "outlook.com" to flop.

 

What is the best way of permitting these links to remain functional?

Create the 

.safelinks.protection.outlook.com app and add it to the categorization exemptions?

 

P.S. there is no HTTPS inspection in this environment, just categorization with the widgets.

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2019-05-03 01:48 PM

That's what I'd do.
0 Kudos
ccarpediem
Explorer
‎2019-09-12 05:07 AM

Did you ever get this to work?  I'm in the same situation.  Need to block public hotmail/outlook.com, but need to enable the Office365 services such as SafeLinks ATP (https://xxxxx.safelinks.protection.outlook.com).  Thus far I haven't been able to get any override to work successfully (also no SSL inspection).  For my tests I've created rules like:

CPRule.PNG

This is how the custom application is configured

ATPCustomApp.PNG

And I've tossed in an override categorization like below just for good measure.

OverrideCat.PNG

However all attempts to access anything like xxx.safelinks.protection.outlook.com/xxxxxxxxxx does not get recognized by the first rule and is blocked by the second "Tony test hotmail block" rule.  Any other thoughts about how to best address this issue?

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events