
Netskope Global Technical Success (GTS)

Allow Microsoft Apps Access - Specific Corporate Instance

 

Netskope Cloud Version - 120

 

Objective

Allow Microsoft Apps Access - Specific Corporate Instance

 

Prerequisite

Netskope CASB license is required

 

Context

The customer's requirement is to block access to all Microsoft apps except their Corporate Instance. This document will discuss how to achieve this.

 

Do You Know?

Before we proceed, let me address some fundamentals:

 

  • Microsoft distinguishes between access to Corporate and Personal instances of applications. 
  • Netskope is capable of discerning whether traffic is directed towards the Corporate or Personal instance. 
  • When an end-user tries to access any Microsoft applications via a browser, they must authenticate first. Authentication occurs through different URLs or domains depending on whether it's for the Corporate or Personal instance.
  • Netskope has consolidated all the URLs or domains responsible for authentication and created cloud app connectors for them:
  1. Microsoft Accounts - Corporate Instance
  2. Microsoft Live Accounts - Personal Instance

 

  • Microsoft Accounts - As of Oct 14, 2024 with Netskope’s Microsoft Accounts predefined cloud app connector, customers can exercise control over the following activities:


 

  • Microsoft Live Accounts - As of Oct 14, 2024 with Netskope’s Microsoft Live Accounts predefined cloud app connector, customers can exercise control over the following activities:


 

 

Configuration

For this lab exercise, let's assume the corporate domain is @cloudtest.com.

 

Step 1 

  • @cloudtest.com - Instance mapping


 

Step 2

  • Create a Real-time protection policy

Path - Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy

Policy Number 1


 

Policy Number 2


 

Policy Number 3


 

Step 3

 

  • Policy order


 

Verification

  • Test 1 - Log in to the Microsoft O365 Outlook web version with @cloudtest.com credentials; the application page should open properly.

 

  • Test 2 - Try to log in to the Microsoft O365 Outlook web version with non-@cloudtest.com credentials; you will get the result below:


 

  • Test 3 - Try to log in to the Microsoft Outlook web version; you will get the result below:


 

  • Test 4 - Check policy hits


 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, it is possible that the default settings may be altered. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.

 
