When my clients are idle for a period of time, Outlook disconnects and it is subject to default rules which block access to webmail.
I read the documents about using a user-agent to bypass the client itself.
I see the User-Agent in top properties but it is not showing in the request. How do I craft a rule to use the user-agent from top-properties instead?
I need something that will allow access regardless of whether the user has been authenticated with the MWG, so that if their session times out, their Outlook client still remains active.
Hope you are doing well.
I see here that the request is getting blocked on the CONNECT request itself.
The User-Agent lives inside the SSL tunnel, so the only way to get the User-Agent is to break the SSL tunnel with the SSL scanner and see in the GET request.
You can create a rule on top of your policy, maybe using URL.Host matches outlook.office365.com, and set the action as Stop Cycle maybe.
You can also make use of our Bypass Microsoft (Office 365) services present in our rule set library and enable relevant rules in it.
You can use other ways to allow requests for the Office 365 URL.
Also, here you are using Header.request.Get(User-Agent) and trying to fetch the User-Agent from the GET request. But here your request for Office 365 is getting blocked in the CONNECT request itself.
Thanks for the information. How can I whitelist it during the CONNECT instead?
I just need Outlook to be allowed to bypass the filter for Exchange Online and the connection to that. What is the best practice? I need it done pre-user authentication so that Outlook does not move to 'disconnected' mode.
Please note, I do not want browser access to be allowed - just the Outlook desktop client.
Apologies for the delay here.
You can try creating a rule above the rule which is blocking the request as (Command.Name equals CONNECT or Command.Name equals CERTVERIFY) And URL.host matches outlook.office365.com with Action as Stop Cycle.
Below this rule create a rule Header.Request.Get(Referer) matches Microsoft.Office/16.0 with action as Stop Cycle.
Below the above 2 rules will be your existing rule which is blocking the request, so if any user tries to access this via browser the GET request should be blocked by that rule.
In order for MWG to see the GET request, SSL inspection should be done for this traffic, but it is generally recommended to bypass Office 365 traffic from SSL Scanning.
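
A simplified model of the rule order described in the reply above, added here as an illustration; it is not MWG rule syntax and not code from the thread. The cycle dictionaries, the `evaluate` and `session` helpers, the sample header values and the substring matching are assumptions, and the header compared is a parameter (the sample uses `User-Agent`, the header the question asks about).

```python
# Simplified model of the rule order above; not MWG rule syntax.
OUTLOOK_HOST = "outlook.office365.com"
CLIENT_MARKER = "Microsoft.Office/16.0"  # value quoted in the reply

# Constructed sample headers (assumed values, not captured traffic).
OUTLOOK_HEADERS = {"User-Agent": "Microsoft.Office/16.0 (constructed sample)"}
BROWSER_HEADERS = {"User-Agent": "Mozilla/5.0 (constructed sample)"}


def evaluate(cycle, header_name="User-Agent"):
    """Return the action of the first rule that matches this cycle."""
    # Rule 1: CONNECT or CERTVERIFY to the Outlook host -> Stop Cycle.
    if cycle["command"] in ("CONNECT", "CERTVERIFY") and cycle["host"] == OUTLOOK_HOST:
        return "stop_cycle"
    # Rule 2: client marker in the chosen header -> Stop Cycle.
    # Substring matching stands in for the "matches" operator (assumption).
    if CLIENT_MARKER in cycle["headers"].get(header_name, ""):
        return "stop_cycle"
    # Rule 3: the existing rule that blocks unauthenticated access.
    return "block"


def session(inner_headers, ssl_scanning):
    """Return (command, action) pairs for one HTTPS session to the Outlook host."""
    # The CONNECT cycle is modelled with no client headers, so only the host is usable.
    commands = ["CONNECT"]
    if ssl_scanning:
        commands.append("CERTVERIFY")
    decisions = [
        (cmd, evaluate({"command": cmd, "host": OUTLOOK_HOST, "headers": {}}))
        for cmd in commands
    ]
    if ssl_scanning:
        # The tunnel is opened, so the inner GET gets its own cycle with headers.
        inner = {"command": "GET", "host": OUTLOOK_HOST, "headers": inner_headers}
        decisions.append(("GET", evaluate(inner)))
    else:
        # The tunnel stays opaque: no rule ever runs on the inner request.
        decisions.append(("GET", "not_evaluated"))
    return decisions


if __name__ == "__main__":
    for name, headers in (("outlook", OUTLOOK_HEADERS), ("browser", BROWSER_HEADERS)):
        for scanning in (True, False):
            print(name, "ssl_scanning=%s" % scanning, session(headers, scanning))
```

With SSL scanning bypassed for this host, the Outlook and browser sessions produce identical decisions in this model, because the header rule and the blocking rule never see the inner request.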