Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 1 subscriber
  • Views 11486 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Appliance - blocking web-based email prevents access to login.live.com which is used by other features

BillyShaw

Hi,

Sorry if this has been answered elsewhere but been searching for a while without success....

Using Sophos Web Appliance v4.3.1.4 and very new to it.

I've blocked the web-based email category for most users. This seems to work.

However, some users require access to the Microsoft TFS site which logs in via the login.live.com url.  This generates a block for web-based email.  However, they do not intend to access outlook.live.com. (which would be rightly blocked.) 

Also, practically every Windows 10 user appears on the Policy Violators report as Windows 10 under the covers attempts to hit login.live.com (i guess to hit the app store)

I'm wondering if I should re-categorise login.live.com as if they try to hit outlook.live.com it will get blocked there?

Thoughts or suggestions would be appreciated.

Regards..



This thread was automatically locked due to age.
Parents
  • 0

    There are several ways to accomplish this depending on your policy.

     

    You could create a user agent string and allow the site based on that.  (ie Office)

    Use application control

    create an additional policy (tag and allow it) then apply the tag to a local site list entry for live.com.  (this would allow all subdomains but also allow browsers)

    there is also a security toggle that will disable web based email. 

     

    from what yout has posted as requirements.. you want option #2

    create and additional policy

    select the users or ad group 

    next until you get to the tag section

    select the action of allow and add it so it shows up under the input box

    next

    apply policy from machines connecting anywhere

    name it - live email

    save it

     

    then under the local site list entry

    create a new one for live.com

    under tags select the tag you just made

    save it

     

    result:

    this will allow you to continue to block web based email in your default policy .. the users in the "tag" will over ride the default policy for live.com but still be applied to gmail or hotmail.

Reply
  • 0

    There are several ways to accomplish this depending on your policy.

     

    You could create a user agent string and allow the site based on that.  (ie Office)

    Use application control

    create an additional policy (tag and allow it) then apply the tag to a local site list entry for live.com.  (this would allow all subdomains but also allow browsers)

    there is also a security toggle that will disable web based email. 

     

    from what yout has posted as requirements.. you want option #2

    create and additional policy

    select the users or ad group 

    next until you get to the tag section

    select the action of allow and add it so it shows up under the input box

    next

    apply policy from machines connecting anywhere

    name it - live email

    save it

     

    then under the local site list entry

    create a new one for live.com

    under tags select the tag you just made

    save it

     

    result:

    this will allow you to continue to block web based email in your default policy .. the users in the "tag" will over ride the default policy for live.com but still be applied to gmail or hotmail.

Children
No Data
Unfiltered HTML