CFS is blocking connections to Microsoft Office 365 Outlook application

06/12/2024 1,059 People found this article helpful 504,277 Views

Description

Company's Microsoft Exchange server in the network is hosted as Office 365 online services, when users try to access the mailbox, CFS doesn't allow connections to Microsoft Office 365 Outlook mailbox.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

In this case, we need to white list the domains which are supported by Microsoft Office 365 Outlook.

Click Policy tab.
Navigate to Security Services | Content Filtering and make sure that the Content Filtering Service is enabled.
Go to Objects | Content Filter | CFS Profile Objects tab and edit the CFS Profile used for the particular users/devices (CFS Default Profile in our case).
Click Create URI List Object.
In the URI list enter the each of the following domains and click Add.

aadrm.com
activedirectory.windowsazure.com
glbdns.microsoft.com
live.com
lync.com
microsoft.com
microsoftonline.com
microsoftonline-p.com
microsoftonline-p.net
microsoftonlineimages.com
microsoftonlinesupport.net
msecnd.net
msocdn.com
msauth.net
msauthimages.net
msftauth.net
msftauthimages.net
enterpriseregistration.windows.net
policykeyservice.dc.ad.msft.net
onmicrosoft.com
office.com
office.net
office365.com
officeapps.live.com
outlook.com
phonefactor.net
Sharepoint.com
Sharepointonline.com
outlook.office365.com
login.microsoftonline.com
spoprod-a.akamaihd.net
Click Save after finished the URI List to exit the URI List Object.
Click Save after you added the new URI List created to exit the CFS Profile Object

How to Test:

Restart the Microsoft Outlook application and synchronize the mailbox.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

In this case, we need to white list the domains which are supported by Microsoft Office 365 Outlook.

Click Manage tab.
Navigate to Security Services | Content Filtering and make sure it is enabled and a CFS policy is applied.
On appropriate CFS policy, check the Profile associated (CFS Default Profile in this case).
Go to Objects | Content Filter Objects | CFS Profile Objects tab and edit the Profile above.
Click Create new URI List Object.
In the URI list enter the each of the following domains and click Add.

aadrm.com
activedirectory.windowsazure.com
glbdns.microsoft.com
live.com
lync.com
microsoft.com
microsoftonline.com
microsoftonline-p.com
microsoftonline-p.net
microsoftonlineimages.com
microsoftonlinesupport.net
msecnd.net
msocdn.com
msauth.net
msauthimages.net
msftauth.net
msftauthimages.net
enterpriseregistration.windows.net
policykeyservice.dc.ad.msft.net
onmicrosoft.com
office.com
office.net
office365.com
officeapps.live.com
outlook.com
phonefactor.net
Sharepoint.com
Sharepointonline.com
outlook.office365.com
login.microsoftonline.com
spoprod-a.akamaihd.net
Click OK in CFS policy configure window.
Click Accept in CFS settings.

How to Test:

Restart the Microsoft Outlook application and synchronize the mailbox.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

In this case, we need to white list the domains which are supported by Microsoft Office 365 Outlook.

Navigate to Network | Zones.
Make sure that, CFS is applied to appropriate Zone.
Navigate to Security Services | Content Filtering | Configure
On appropriate CFS policy, click Configure button on right (Office 365 Allow policy, in this case).
Click Custom List tab.
In allowed domains section, enter the each of the following domains and click Add.

aadrm.com
activedirectory.windowsazure.com
glbdns.microsoft.com
live.com
lync.com
microsoft.com
microsoftonline.com
microsoftonline-p.com
microsoftonline-p.net
microsoftonlineimages.com
microsoftonlinesupport.net
msecnd.net
msocdn.com
msauth.net
msauthimages.net
msftauth.net
msftauthimages.net
enterpriseregistration.windows.net
policykeyservice.dc.ad.msft.net
onmicrosoft.com
office.com
office.net
office365.com
officeapps.live.com
outlook.com
phonefactor.net
Sharepoint.com
Sharepointonline.com
outlook.office365.com
login.microsoftonline.com
spoprod-a.akamaihd.net
Navigate to Settings tab, select Source of Allowed Domains to Per Policy.
Click OK in CFS policy configure window.
Click Accept in CFS settings.