This discussion has been locked.

Cannot log in to an Office 365 account on Skype for Business Client

I am using Office 365 and have Skype for Business clients in my network. They have been working, but since yesterday something has happened.

Using the following exceptions in Web filtering: Caching, Block by download size, Antivirus, Extension blocking, Extension blocking, URL Filter, Content Removal, SSL scanning, Certificate trust check, Certificate date check, Accessed pages, Blocked pages, Do not display Download/Scan progress page

Matching these URLs:

^http(s)?://[^.]*\.microsoftonline.com
^http(s)?://[^.]*\.microsoftonline-p.com
^http(s)?://[^.]*\.microsoft.com
^http(s)?://[^.]*\.live.com
^http(s)?://[^.]*\.onmicrosoft.com
^http(s)?://[^.]*\.sharepoint.com
^http(s)?://[^.]*\.skypeforbusiness.com
^http(s)?://[^.]*\.skype.com
^http(s)?://[^.]*\.outlook.com
^http(s)?://[^.]*\.lync.com
^http(s)?://[^.]*\.verisign.com
^http(s)?://[^.]*\.verisign.net
^http(s)?://[^.]*\.public\-trust.com
^http(s)?://[^.]*\.sa.symcb.com
^http(s)?://pipe.skype.com
^http://ocsp.msocsp.com
^http://crl.microsoft.com
^http://mscrl.microsoft.com

My problem is that I cannot log in using my Office 365 account in the Skype for Business client. For test purposes, if I add myself to the Transparent Mode Skiplist, it works and I can log in.

Skype for Business Client and Office 365 are apparently not easy to maintain when scanning SSL in UTM. I cannot see any blocked pages in the UTM web proxy log.

Using Office version 1805

How can I fix this? Anybody?



  • After a long time of elaboration I came to the following solution, which seems to work.

     
    Exclude the following: Caching, Block by download size, SSL scanning, Certificate trust check, Certificate date check and Do not display download/scan progress page

    Matching these URLs:

    ^http(s)?://([A-Za-z0-9.-]*\.)?microsoftonline.com
    ^http(s)?://([A-Za-z0-9.-]*\.)?microsoftonline\-p.com
    ^http(s)?://([A-Za-z0-9.-]*\.)?microsoft.com
    ^http(s)?://([A-Za-z0-9.-]*\.)?live.com
    ^http(s)?://([A-Za-z0-9.-]*\.)?onmicrosoft.com
    ^http(s)?://([A-Za-z0-9.-]*\.)?sharepoint.com
    ^http(s)?://([A-Za-z0-9.-]*\.)?skypeforbusiness.com
    ^http(s)?://([A-Za-z0-9.-]*\.)?skype.com
    ^http(s)?://([A-Za-z0-9.-]*\.)?office.com
    ^http(s)?://([A-Za-z0-9.-]*\.)?outlook.com
    ^http(s)?://([A-Za-z0-9.-]*\.)?lync.com
    ^http(s)?://([A-Za-z0-9.-]*\.)?verisign.com
    ^http(s)?://([A-Za-z0-9.-]*\.)?verisign.net
    ^http(s)?://([A-Za-z0-9.-]*\.)?public\-trust.com
    ^http(s)?://([A-Za-z0-9.-]*\.)?sa.symcb.com    
    

    I found that the first regexp solution in my first post for some reason did not match all combinations for *.lync.com; some URLs were not bypassed. Switching to the above made it work.

    If you want to communicate using Skype for Business with companies which have their own Skype server you have to add three extra exceptions for each server:

    If Sophos could include Skype for Business detection in the application control, it would sure make UTM usage much easier.
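
Added example, not part of either post: the script below runs the two pattern styles from the thread (for lync.com) against constructed hostnames. It shows why `[^.]*\.` misses hosts with more than one subdomain label, and that both styles also match look-alike hosts, which would then be exempt from SSL scanning and certificate checks, because the dots are unescaped and nothing ends the hostname. The `TIGHT` pattern and the use of Python's `re.search` in place of the UTM's matcher are assumptions.

```python
import re

# Pattern styles quoted in the thread, shown here for lync.com only.
FIRST_POST = r"^http(s)?://[^.]*\.lync.com"
REPLY = r"^http(s)?://([A-Za-z0-9.-]*\.)?lync.com"
# Assumption (not from the thread, not tested on a UTM): escaped dots plus an
# end-of-hostname check, so only lync.com and its subdomains match.
TIGHT = r"^https?://([A-Za-z0-9-]+\.)*lync\.com(:[0-9]+)?(/|$)"

# Constructed sample URLs; none of these hostnames come from the thread.
SAMPLES = [
    "https://lync.com/",                 # apex domain
    "https://a.lync.com/path",           # one subdomain label
    "https://a.b.lync.com/path",         # two subdomain labels
    "https://a.lync.com.example.net/",   # look-alike: lync.com is not the suffix
    "https://a.lyncXcom.example.net/",   # look-alike: unescaped dot matches "X"
]


def evaluate(pattern):
    """Return {url: bool} saying whether the exception pattern matches."""
    compiled = re.compile(pattern)
    return {url: compiled.search(url) is not None for url in SAMPLES}


def report():
    """Build a small text table comparing the three patterns."""
    results = {name: evaluate(pat) for name, pat in
               (("first", FIRST_POST), ("reply", REPLY), ("tight", TIGHT))}
    lines = ["first reply tight  url"]
    for url in SAMPLES:
        flags = "  ".join("yes  " if results[n][url] else "no   "
                          for n in ("first", "reply", "tight"))
        lines.append(f"{flags} {url}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```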