Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

Reverse Proxy for Microsoft Multi-Geo Model

With the help of the Microsoft 365 Multi-Geo Model, Microsoft 365 application presence is expanded over multiple geographic regions and/or countries within your existing tenant. For more details, see Microsoft 365 Multi-Geo. The following three multi-geo locations are configured in our setup:

  • North America (NAM)
  • Canada (CAN)
  • Great Britain (GBR)

Skyhigh CASB can provide a Cloud Access Policy to control services that users can access from managed devices or unmanaged devices. Microsoft application with Multi-Geo feature supports reverse proxy with the following criteria:

  • If you have a managed device, your activities are redirected via proxy and you can access the application directly.
  • If you have an unmanaged device,  uploads and downloads are blocked or allowed based on the CAP policies.

Ways to Access the Microsoft 365 Application

These are the different ways to access the Microsoft 365 applications with the Multi-Geo feature. 

  • Desktop Browsers
  • Desktop Native Apps
  • Mobile Browsers
  • Mobile Native Apps

The way to access each application is described in the table.

Legends used in the table:
✔ - Verified and working.
✖ - Cert check prompt is not displayed.
# - Failing.

Desktop Browsers

The table summarizes the various Microsoft 365 applications with Multi-Geo features and CAP policies are applied to it.

NOTE: The desktop browsers used are : 

  • Mozilla Firefox Version: 78.0.1 (32-bit)
  • Google Chrome version: 84.0.4147.89 (Official Build) (64-bit)
  • Edge browser version: 84.0.522.52 (Official Build) (64-bit)
Microsoft Application  CAP Upload/Downloads Block CAP - IP Allow List CAP Device Management - Skip Cert check: Redirect all CAP User dictionary - Redirect Managed, Proxy Unmanaged Cert check: Proxy Managed, Block Unmanaged Cert check: Proxy all
Excel              ✔           ✔                    ✔                   ✔                  ✔                   ✔ 
OneDrive              ✔          ✔                   ✔                  ✔                 ✔                   ✔ 
OneNote

            NA

       ✔                   ✔                 ✔                 ✔                  ✔ 
Outlook              ✔       ✔                  ✔                ✔                ✔                 ✔
PowerPoint             ✔       ✔                  ✔                ✔                ✔                 ✔
Share Point            ✔        ✔                 ✔                ✔               ✔                ✔
Teams

 # - Both Upload / Download in CAP

 ✔ - Upload only in CAP 

✔ -  Download only in CAP 

       ✔                ✔                ✔              ✔               ✔
Word            ✔        ✔                ✔               ✔              ✔               ✔

Desktop Native Apps

The table summarizes Microsoft 365 applications with Multi-Geo features and CAP policies are applied to it.

Microsoft Application 

Cert check: Redirect Managed, Block Unmanaged

If Native-app then Skip, Cert check Redirect All

If Native-app then Block

If Not Native-app Skip, Cert check Redirect All

Cert check: Proxy Managed, Block Unmanaged Cert check: Redirect Managed, Proxy Unmanaged Cert check: Proxy all
Excel            ✔           ✔              ✔              ✔               ✔            ✔             ✔
OneDrive           ✔           ✔               ✔               ✔               ✔            ✔               ✔  
OneNote           ✔          ✔             ✔            ✔              ✔          ✔            ✔
Outlook          ✔          ✔             ✔             ✔              ✔           ✔             ✔ 
PowerPoint         ✔         ✔            ✔           ✔             ✔         ✔           ✔
Teams         ✔         ✔             ✔            ✔             ✔           ✔           ✔ 
Word         ✔         ✔           ✔          ✔           ✔          ✔          ✔

System Configuration for Desktop Browser and Desktop Native Apps

The following system configuration is supported for both Desktop Browsers and Desktop Native Apps.

  • Windows Edition. Windows 10 Enterprise
  • System Type. 64-bit Operating System, x64 based processor

Mobile Browsers

Microsoft Multi-Geo feature is available for both Android and iOS mobile browsers.

Android Mobile Browser

The device specifications and browsers version for Android device is described in the following table:

Device Specification Browsers Version

Device: Android

Model number: Lenovo YT3-X90L

Software Version: 6.0.1

Google Chrome Version: 84.0.4147.125

Operating System: Android 6.0.1; Lenovo YT3-X90L Build/MMB29M

Firefox Version: 80.1.2 (Build #2015761287)

Chrome is managed, Firefox is unmanaged

The table summarizes the various Microsoft 365 applications with Multi-Geo features and CAP policies are applied.

Microsoft Application CAP - IP Allow List CAP Device Management - Skip Cert check: Redirect all CAP User dictionary - Redirect managed, proxy unmanaged Cert check: Proxy managed, Block unmanaged Cert check: Proxy all CAP Cert check: Redirect managed,  Block unmanaged
Excel                     ✔                    ✔                        ✔                      ✔                   ✔                   ✔
OneDrive                   ✔                  ✔                      ✔                    ✔                  ✔                  ✔
OneNote                   ✔                  ✔                      ✔                    ✔                  ✔                  ✔
Outlook                   ✔                   ✔                      ✔                    ✔                  ✔                  ✔
PowerPoint                   ✔                  ✔                     ✔                   ✔                 ✔                  ✔
SharePoint                   ✔                  ✔                     ✔                   ✔                 ✔                  ✔
Teams                 ✔                  ✔                   ✔                 ✔                ✔                  ✔
Word                 ✔                 ✔                  ✔                ✔               ✔                  ✔

iOS Mobile Browser

The device specifications and browsers version for iOS devices are described in the following table.

Device Specification Browsers Version

Device: iOS

Software Version: 13.6

Model Name: iPad Air (3rd generation)

Model Number: MUUJ2HN/A

Google Chrome Version: 84.0.4147.71

Firefox Version: 28.0 (18809)

Edge Version: 45.6.8 / 45.7.3

Safari iOS 13.7

NOTE: For the above iOS devices, Safari is managed and other browsers are unmanaged.

The table summarizes the Microsoft 365 applications with Multi-Geo features and CAP policies are applied.

Microsoft Application CAP - IP Allow List CAP Device Management - Skip Cert check: Redirect all CAP - Redirect managed, proxy unmanaged Cert check: Proxy managed, Block unmanaged Cert check: Proxy all CAP Cert check: Redirect managed,  Block unmanaged
Excel                ✔                  ✔                    ✔                   ✔                   ✔                      ✔
OneDrive               ✔                 ✔                    ✔                   ✔                   ✔                      ✔
OneNote              ✔                 ✔                    ✔                   ✔                   ✔                      ✔
Outlook              ✔                ✔                   ✔                   ✔                    ✔                      ✔
PowerPoint              ✔                ✔                   ✔                  ✔                     ✔                      ✔
SharePoint              ✔                ✔                   ✔                 ✔                     ✔                      ✔
Teams             ✔               ✔                   ✔                 ✔                     ✔                      ✔
Word            ✔               ✔                   ✔                ✔                     ✔                      ✔

Mobile Native Apps

Microsoft Multi-Geo feature is available for both Android and iOS mobile native apps.

Android Native Apps

The following are the specification of the device used to verify the Multi-Geo feature with the Microsoft applications:

  • Device: Android
  • Model number: Lenovo YT3-X90L
  • Android version: 6.0.1

The native apps for Android are described in the following table:

Microsoft Application

Cert Check: Redirect Managed, Block Unmanaged If Native-app THEN Skip Cert check: Redirect all If Native app THEN Block If NOT Native-app THEN Skip Cert check: Redirect all
Excel                           ✔                                 ✔                                  ✔                                            ✔ 
OneDrive                          ✔                                ✔                                  ✔                                           ✔ 
Office Mobile                         ✔                                ✔                                 ✔                                           ✔ 
OneNote                        ✔                               ✔                                ✔                                           ✔ 
Outlook                       ✔                              ✔                                ✔                                           ✔ 
PowerPoint                      ✔                              ✔                                ✔                                           ✔ 
SharePoint                      ✔                              ✔                                ✔                                           ✔ 

Teams

Version: 1416/1.0.0.2020081801

 

  ✖ - Redirect Managed, the user is redirected to the Teams app without a cert check prompt.

#- Block Unmanaged not able to detect in Native Apps

Refer to * NOTE

                         

                          ✔ 

 #- Unable to sign in and not able to detect the Teams native app.

Refer to *NOTE

                                         

                                       ✔ 

Word                    ✔                              ✔                                ✔                                            ✔ 

 *NOTE: This could be due to certificate issues in our local environment and we have seen this scenario working in the customers' environments with their valid certificates. Please check it before confirming.

iOS Native Apps

The following are the specification of the iOS devices used to verify the Multi-Geo feature with the Microsoft applications:

  •     Device: iOS
  • iOS Version: 13.6
  • Model Name: iPad Air (3rd generation)
  • Model Number: MUUJ2HN/A    
  •     Device: Skyhigh's iPad
  • iPad Version: 10.3.3 (14G60)
  • Model: MD513HN/A

The native apps for iOS are described in the following table:

Microsoft Application Cert Check: Redirect Managed, Block Unmanaged If Native-app THEN Skip Cert check: Redirect all If Native app THEN Block If NOT Native-app THEN Skip Cert check: Redirect all
Excel

                         ✔

         Refer to *NOTE 

                          ✔                               ✔                              ✔ 
OneDrive

                         ✔ 

       Refer to *NOTE 

                          ✔                               ✔                              ✔ 
OneNote

                         ✔ 

      Refer to *NOTE 

                         ✔                               ✔                              ✔ 
Outlook

                         ✔ 

      Refer to *NOTE 

                         ✔                               ✔                              ✔ 
PowerPoint

                        ✔

    Refer to *NOTE 

                         ✔                               ✔                              ✔ 
SharePoint

                        ✔

   Refer to *NOTE 

                         ✔                              ✔                              ✔ 

Teams

Version: 2.0.18

Calling Version: 2020.23.01.1

 ✖- Redirect Managed, the user is redirected to the Teams app without a cert check prompt.

#- Block Unmanaged not able to detect the Teams app.

Refer to *NOTE

 #- Unable to sign in and not able to detect the Teams native app.

Refer to *NOTE

#- Able to login and the Teams app is not blocked.

Refer to *NOTE

                            ✔ 

Word

                        ✔ 

     Refer to *NOTE 

                        ✔                              ✔                             ✔ 

 *NOTE: This could be due to certificate issues in our local environment and we have seen this scenario working in the customers' environments with their valid certificates. Please check it before confirming.

  • Was this article helpful?