Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Bypass for Office 365 and Other Microsoft Services

Requests sent to Office 365 and other Microsoft services, and responses received from these services, can be configured to bypass filtering to avoid a load increase on Web Gateway.

Bypassing is handled for these requests and responses by rules. A rule set with suitable rules is provided in the default rule set system and in the rule set library.
 

Office 365 and other Microsoft services

Microsoft offers several cloud-based applications that belong to the Office 365 application suite. These applications rely heavily on HTML5 features to provide an enriched user experience.

Consequently, some of these applications can set up a high number of connections and also several "endless" connections, which might considerably increase the load on a Web Gateway appliance. The increased load can have an impact on the proxy functions of Web Gateway, leading to slow or delayed web access, timeouts, and other issues.

To avoid such issues, you might want to let requests and responses in traffic to and from Office 365 and other Microsoft services bypass filtering on Web Gateway. Many of these requests and responses also use undocumented formats or protocols that are proprietary to Microsoft and cannot be scanned and filtered on Web Gateway.

Rule set for Microsoft services bypassing

The Bypass Microsoft (Office 365) Services rule set contains rules that enable bypassing for requests and responses in traffic to and from Office 365 and other Microsoft services.

IP address and URL lists published by Microsoft are used to recognize the requests that are submitted for accessing these services.

The rule set is placed at the top of the default rule set system.

Using a Domain Name System

The bypassing rule set requires Web Gateway to access a Domain Name System (DNS). In some configurations, for example when next-hop proxies are used, Web Gateway does not normally require DNS access, so this access might not be configured or even be blocked by a rule.

Most of the rules in the rule set, however, rely on evaluating the URL.Destination.IP property to recognize relevant requests. The DNS is then used to resolve the destination IP address of the request that is currently processed.

So, if a DNS is not correctly configured or not configured at all, you might encounter timeouts or slow performance when working with the rule set.

  • Was this article helpful?