Skip to main content

Support

Whether you want to search for solutions or ask a question, dip into spaces designed for those who are new to our products or watch videos to help you learn the basics. You'll find a lot of content and our experts are here every day. Netskope is ready for anything!

Support Hero Image

Latest Expert Videos

view all
connect-image

Connect With

Netskope

Our team is making a lot of improvements. Most of these improvements won't happen overnight, but we are making progress and would benefit greatly from your feedback. Whether or not you asked a question in the Community, please take a few minutes to reach out to the Community team by direct message to @Rohit or send an email to community@netskope.com

Additional Resources

icon
Trust Portal
right-arrow-icon
icon
Documentation Library
right-arrow-icon
icon
Support Portal
right-arrow-icon
icon
Product Release Notes
right-arrow-icon
icon
Netskope Professional Services
right-arrow-icon
Stay Current On Netskope's Event Lineup
Netskope is positioned to help you begin your journey and discover where security, networking, and Zero Trust fit in the SASE world.
Explore Regional Events

Events calendar

Latest Blogs

Microsoft m365 Copilot | Option 'Create' - Block Web Access

Netskope Global Technical Success (GTS)Microsoft m365 Copilot | Option 'Create' - Block Web Access Netskope Cloud Version - 131 ObjectiveMicrosoft m365 Copilot - Option 'Create' - Block Web Access PrerequisiteNetskope SWG or NG-SWG license is required ContextMicrosoft m365 Copilot provides an inbuilt ‘Create’ function that can generate images, infographics, stories, and more. This functionality is separate from the Copilot chatbot engine. Customers may have a use case where they want to allow all Copilot services except the ‘Create’ feature. This KB article explains how to achieve this using Netskope.Link - https://m365.cloud.microsoft/createDo You Know?When you first navigate to https://m365.cloud.microsoft/ and then click on ‘Create’ option, the traffic is redirected to https://m365.cloud.microsoft/create, and in the backend services from another URL https://designerapp.officeapps.live.com/designerapp/TraceRequest.ashx are invoked. Given this pattern, sub-domain designerapp.officeapps.live.com likely corresponds to a “designs” applicationConfigurationStep 1: Create a custom URL categoryPath: Netskope Tenant UI >>> Policies >>> Profile - - - URL ListsRegex:.*m365.cloud.microsoft/create.*.*designerapp.officeapps.live.com/designerapp.*Path: Netskope Tenant UI >>> Policies >>> Profile - - - Custom CategoriesStep 2: Realtime protection policyPath: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New PolicyVerificationIf you access directly https://m365.cloud.microsoft/createNote - User Notification format used above LinkFirst navigate to https://m365.cloud.microsoft/ and then click on ‘Create’. You will not see a full webpage block. Initially, it may appear that the ‘Create’ option is still accessible, but the moment you try to use it, the ‘Create’ service will fail to load and will not respond.Author NotesThe domain officeapps.live.com is mapped to Netskope’s predefined Cloud App connector for Microsoft Office 365 OneDrive for Business.Therefore, ensure that the Realtime Policy used to block the ‘Create’ option is placed above the rule that allows traffic for Microsoft Office 365 OneDrive for Business. Terms and ConditionsAll documented information undergoes testing and verification to ensure accuracy. In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them. NotesThis article is authored by Netskope Global Technical Success (GTS). For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.

Blog

Automating the Attacker's Mindset: Introducing the AbuseCaseGen Gem

The Blank Page Problem in Security TestingEvery security assessment begins with a mountain of documentation and a crucial question: "Where would an attacker start?" For testers, translating functional specs, architectural diagrams, and API details into a concrete set of high-impact security tests is one of the most challenging and time-consuming parts of the job. It's a process that relies heavily on experience, intuition, and a meticulous, almost paranoid, mindset.The "blank page" problem is real. You can spend hours sifting through documents, trying to connect the dots between a new feature and a potential vulnerability. It’s easy to get lost in the details, miss a subtle logic flaw, or simply run out of time and fall back on a generic checklist. I realized that what we needed wasn't just another tool, but a partner—a virtual expert that could do the heavy lifting of analysis and brainstorming, allowing testers to focus on verification and exploitation. This led me to create the AbuseCaseGen Gem, a specialized AI designed to operate as a virtual Principal Security Engineer. Shifting from Manual Toil to Assisted AnalysisThe primary goal of the AbuseCaseGen Gem is to support and assist testers during the crucial abuse case development phase. Instead of starting from scratch, a tester can provide the Gem with all the technical documentation they have. The Gem's job is to ingest this information and produce a structured, prioritized, and actionable list of security abuse cases that are directly relevant to the feature being tested.This isn't about replacing the security professional; it's about augmenting their capabilities. Think of it as having a senior engineer on your team whose sole focus is to read the documentation, ask the right questions, and brainstorm potential attack vectors based on established security standards. This frees up the human tester to apply their creativity and critical thinking to the more nuanced aspects of the assessment. How It Works: A Human-in-the-Loop CollaborationTo ensure the Gem produced high-quality, reliable results, I built its workflow around a Human-in-the-Loop (HITL) model. This approach combines the systematic analysis of AI with the critical judgment of a security expert. It's not a black box spitting out random vulnerabilities; it's a collaborative process grounded in principles I'd expect from a human expert: meticulous analysis, zero assumptions, and a clear focus on impact. Step 1: The "Zero Assumption" MandateThe collaboration begins with a foundational principle: the Zero Assumption Policy. The Gem will never make assumptions about the architecture, technology stack, or functionality. This mandate is the trigger for human interaction, ensuring that every subsequent step is based on factual ground truth, not AI-driven guesswork.Step 2: The Mandatory Clarification StepIf any detail is ambiguous or missing after the initial analysis, the Gem stops and initiates a dialogue. This is the Mandatory Clarification loop shown in the workflow. It prompts the human expert with specific questions, such as:"The documentation for the updateUserProfile API does not specify the authorization model. Is this endpoint accessible to any authenticated user, or only to the user whose profile is being modified?" "You've mentioned a data export feature. What data formats are supported, and are there rate limits on how often a user can perform an export?"The expert provides the answers, resolving ambiguity and ensuring the AI's understanding is complete before it proceeds. This back-and-forth is critical for accuracy.Step 3: Brainstorming Grounded in Reality & PrioritizationOnce clarity is established, the process moves to the Brainstorm & Prioritize loop..Suggest: The Gem systematically cross-references the feature's components with knowledge bases like OWASP and CWE to generate and suggest an extensive list of potential abuse cases.  For example, if it identifies a file upload feature, it will immediately correlate that with CWE-434 (Unrestricted Upload of File with Dangerous Type). This isn't a simple keyword match. It analyzes the context provided in the documents to draft an initial, extensive list of potential abuse cases. Approve: This list is presented to the human expert, who uses their intuition and business context to refine, approve, and prioritize the suggestions. The AI handles the breadth of brainstorming, while the human provides the depth of expert judgment, focusing on the 15-30 most relevant cases based on business logic, data exfiltration risk, and high-impact vulnerabilities.An unprioritized list of 100 potential issues is just noise. The real value comes from focus. The Gem rigorously filters its initial list down to the 15-30 most relevant cases using a clear prioritization scheme:Priority 1: Business Logic & Fraud: Attacks that exploit the intended workflow of the feature for financial gain or to cause business disruption. Priority 2: Data Exfiltration & Privacy Violations: Attacks focused on accessing or stealing sensitive user or company data. Priority 3: Common High-Impact Vulnerabilities: Classic but critical issues like Injection, Broken Authentication, and Server-Side Request Forgery (SSRF).This ensures the final list highlights the threats that matter most to the business, rather than just low-impact technical findings. The Final Output: A Structured and Actionable ReportThe process culminates in a structured report that is designed to be directly usable by security and development teams. Each abuse case is detailed across seven specific fields, transforming a simple idea into a trackable work item.Abuse Case Unique Id: ABUSE_CASE_001 Product Area Impacted: e.g., Authentication, Backend API Abuse Case's Attack Description: A concise, 2-4 sentence technical description. Netskope Defect Severity: Blocker, Critical, Major, Minor, or Trivial (based on CVSS). Abuse Case Category: e.g., Business Logic, Input Validation, Data Exfiltration. Counter-measure Applicable: A recommended mitigation strategy. Handling Decision: A placeholder status (e.g., To Address, Risk Accepted). Conclusion: Your Turn to BuildCreating the AbuseCaseGen Gem has significantly streamlined our initial security assessment phase, allowing us to generate a high-quality baseline of test cases in a fraction of the time. It has proven that by combining the analytical power of AI with the expertise of a security professional, we can create powerful tools that elevate our work.The principles behind this Gem—zero assumptions, mandatory clarification, and structured output—are not limited to AI. They are the hallmarks of any good security analysis.So, here is my call to action for you: How can you apply this model to your own workflow? Think about the most repetitive, time-consuming parts of your job. Could a specialized AI assistant, guided by a strong and specific prompt, help you automate the toil and free you up to focus on what humans do best: thinking critically and creatively? I encourage you to experiment and share what you build. The future of security engineering is not about being replaced by AI, but by being empowered by it. 

Blog

Inside Netskope: Securing Applications and Data using Netskope One Enterprise Browser

How to Finally Solve the BYOD, Contractor, and M&A Access DilemmaAuthor: Stevan PierceDate: November 9, 2025 The perimeter is long gone, and the "unmanaged device" is the new CISO headache. How do you grant access to contractors, BYOD users, and new M&A employees without opening a Pandora's Box of data-leakage risk?The Netskope One Enterprise Browser is an approach that isolates the application, not the device. It’s a hardened, corporate-managed browser that integrates directly into the Netskope One platform, acting as a new enforcement point for your Security Service Edge (SSE).It is a self-contained corporate workspace that:Separates Work & Personal: Creates a distinct corporate profile on any device, managed or unmanaged, separating all corporate browsing activity and data. Provides Granular DLP: Enforces in-browser controls like copy, paste, print, and screenshots—stopping data leaks at the source. Delivers Agentless ZTNA: Bakes Netskope Private Access (NPA) capabilities directly into the browser, providing secure access to private apps without a full VPN client. Is Fast & Simple: Deploys via a self-service install, reduces IT overhead, and extends your existing Netskope security policies, making it ideal for BYOD and M&A.This article explores the technical "how" and the strategic "why" of using the Netskope One Enterprise Browser to secure your applications and data.The Modern Access ConundrumFor decades, security was simple: we built a wall around our castle. If you were "inside" (on the corporate network), you were trusted. If you were "outside," you were not. Today, that model is shattered. Our data is everywhere—in SaaS apps like Salesforce and Google Workspace, and in private apps hosted in the public cloud. Our "users" are also everywhere—they are remote employees, third-party contractors, and partners.This creates three critical challenges that security architects and CSOs face daily:The BYOD & Contractor Problem: You need to grant a contractor secure access to a single corporate application. They are using their personal laptop. Do you... ...ship them a $2,000 corporate laptop for a 3-month project? (Too slow, too expensive). ...let them install a full VPN client? (Absolutely not. You have no idea what's on that device, and you just gave it a network-level key to your kingdom). ...spin up a VDI/DaaS instance? (Costly, complex, and users hate the latency). The M&A Tsunami: Your company just acquired a 500-person firm. You need to give them access to your corporate SaaS apps today so they can be productive. You can't merge two complex corporate networks in 24 hours. How do you grant fast, secure, and isolated access? The "Trusted" Insider Risk: Even on a fully managed corporate device, what stops a well-meaning employee from copying sensitive customer data from Salesforce and pasting it into their personal webmail? The Netskope One Enterprise Browser can be deployed to managed devices to elevate security for users accessing critical data.Traditional solutions are too heavy, too high-risk, or too slow. We need a new tool. We need to secure the browser, the new cockpit for all corporate work.What is the Netskope One Enterprise Browser?The Netskope One Enterprise Browser is a purpose-built, hardened browser based on the familiar Chrome experience. It's designed to be the only application a user on an unmanaged device needs to securely access corporate resources. It acts as a self-contained, corporate-managed workspace, completely separate from the user's personal browser.  It is natively integrated with the Netskope One platform, extending your SSE controls via Netskope's NewEdge network.Policy-Driven: It natively enforces your corporate SSE controls, from threat protection and URL filtering to advanced DLP. Self-Contained: It isolates corporate activity and data from the user's personal profiles and browsers. User-Friendly: It provides a simple, self-service install and removal process, dramatically reducing IT overhead. Centralized: It presents the user with an admin-defined "Company Workspace" homepage, simplifying access to both public and private apps.Think of it as the perfect middle-ground: the deep security of VDI without the cost and latency, and the flexibility of a clientless solution without the gaping security holes.The Technical Pillars of Netskope One Enterprise Browser SecurityFor security analysts and architects, here is how it works. The Enterprise Browser enforces security as part of your unified Netskope policy engine.Pillar 1: Granular, In-Browser Data Protection (DLP)This is the game-changer. Your Netskope policies can now control the browsing experience itself. Instead of just blocking a URL, you can control granular user activities within that URL.Within the Netskope UI, you'll find a new policy type: Enterprise Browser Protection. This allows you to define rules for specific users, groups, or applications to:Block Copy Block Paste Block Print Block Screenshot/Screen Sharing Enforce WatermarkingWhen the user tries to perform a blocked action, like printing, they are met with a simple, clear block message. If they take a screenshot, the policy can be configured to produce a blank screen. This stops data exfiltration before it happens, on any device.  Pillar 2: Agentless Zero Trust Network Access (ZTNA)This is the second "wow" feature. The Netskope One Enterprise Browser can access private applications—the internal-only wikis, dashboards, and tools—without a VPN client. The browser has Netskope Private Access (NPA) capabilities baked in.For the Admin: You simply create a real-time policy in your Netskope tenant, allowing that user/group to access the defined private app. You can even set the "Access Method" to "Enterprise Browser" to create specific policies. For the User: They click a bookmark on their Company Workspace portal. The Enterprise Browser transparently and securely tunnels only that browser session to the private app via the NewEdge network.The unmanaged device never gains network-level access. You've provided secure access to a private app on a BYOD device, solving a problem that was previously "impossible" or required a clunky VDI.Pillar 3: Extension & Threat GovernanceThe browser-as-a-platform is a massive attack vector. Malicious extensions are a huge blind spot. The Netskope One Enterprise Browser gives you full control.From the "Extension Governance" tab, you can create policies to:Block Extensions: Default to blocking all extensions. Allow Extensions: Create an exception list for approved extensions. Force Install: Ensure critical security or productivity extensions are always present. This, combined with Netskope's standard real-time threat protection and content filtering (which are extended to the browser), hardens the browser against both data leakage and incoming threats.Pillar 4: Simplified User Provisioning & ManagementSecurity tools that are hard to use don't get used. The Enterprise Browser is built for speed and simplicity.For the Admin: You don't manage individual browsers. You create "Company Workspaces" in the Netskope UI. Here, you define the application links (SaaS and private) that users assigned to this workspace will see. For the User: They receive an invite, perform a self-service install, and log in once via your existing SAML/SSO provider. They are then presented with a clean, simple portal showing their "Company Workspace" apps.This self-service model means IT isn't bogged down with configuration tickets, and users (like new M&A employees) can get productive in minutes.Putting It All Together: A Practical Use CaseLet's walk through the "Access Corp Resources" use case.The Scenario: A new BYOD contractor needs access to Salesforce (a sanctioned SaaS app) and an internal-only Jira server (a private app). You must prevent them from copying customer lists out of Salesforce but allow them to paste notes into Salesforce cases.The Workflow:Administration Create a "Contractor Workspace" in Netskope and add the Salesforce and Jira app links. Create an "Enterprise Browser Protection" policy that blocks "Copy" and "Print" for the Salesforce application when accessed by the "Contractor" group. Create a "Real-time Protection" policy allowing the "Enterprise Browser" access method to the "Jira - Private App" destination. End User Contractor receives an email. They download and install the Netskope One Enterprise Browser. They launch the browser, are routed to your Okta (or other SSO) login page, and authenticate. They land on their Company Workspace portal. They see two icons: "Salesforce" and "Jira". Actions The user clicks "Salesforce." They can view, edit, and paste text into cases. When they highlight a customer list and hit "Ctrl+C," the policy is enforced and the copy action fails. Data stays put. The user clicks "Jira." The browser's built-in NPA capability creates a secure, application-level tunnel. The Jira server login page appears. The user never saw a VPN client or a loading screen. The Result: The contractor is productive in 15 minutes. Your corporate data is secure, even on an unmanaged device. Your IT team didn't have to configure a laptop or a complex VDI. This is what fast, secure, and easy operationalization looks like.Requirements & ConclusionThis solution is powerful, and getting started is straightforward. Key Requirements:Licensing: Enterprise Browser requires licensing. You'll need to speak with your account management team for access. SSO: The solution relies on Forward Proxy configurations, so any supported SAML/SSO provider will work. Netskope provides instructions for Okta, PingIdentity, and Msft Entra ID. Limitations: It's important to note that Enterprise Browser is NOT accessible for applications accessed through China PoPs.The Final WordThe line between the corporate network and the public internet has been permanently erased. The browser is the new endpoint, and it demands its own security model.The Netskope One Enterprise Browser provides that model. It gives security architects, analysts, and CSOs the one thing they've been missing: the ability to extend granular, zero-trust data and threat protection to any user on any device, without the baggage of clients, hardware, or complex network configurations.Netskope One Enterprise Browser, secure the once unsecurable! (Enhanced with Google Gemini)

Connect With Customer Support
01 Support Portal
accordion image

The best method for communicating a support request with Netskope is via the Netskope Support Portal which is available to Netskope customers.
If you or a member of your team does not have access, please email support@netskope.com and we?ll get you set up.

02 Telephone
accordion image
  • United States of America: +1 (800) 685-2098 (For sales, please call +1 (800) 979-6988)
  • Australia: 1800-505-486
  • Netherlands: 080-0022-4983
  • Germany: 080-0231-1111
  • Singapore: 80-0130-2191
  • India: 00080-0100-4400
  • United Kingdom: 080-0098-8865
03 Email
accordion image

You can always reach out to our support team via email at support@netskope.com. To best handle your request, please provide the following information:

  • Nature of the request (please provide as much detail as possible and screenshots if you have them)
  • Level of urgency
  • Number of users affected
  • Contact details for getting in touch with you or an appropriate member of your team to address the issue
  • Relevant support ticket/case details if you?ve already opened a ticket over the phone or via the Netskope Support Portal
Terms & ConditionsCookie settingsAccessibility statement