Overview

Improvements on Office365 classification in version 7.4.4 x hinders the traffic to be specifically classified for different Office365 Applications.

The User could filter out the Outlook Cloud traffic by defining a Custom Application in 7.4.3, but in version 7.4.4 all Office Cloud Applications are recognized as Office365 traffic, and since there is no sub-classification for that, user cannot take out the Outlook Live traffic any more. (SSL signature definition does not help since Office365 is not categorized as https traffic).

As observed in version 7.4.3 (Office365 Cloud traffic as Https)

As observed in version 7.4.4 u2 (Office365 Cloud traffic as Office365)

This article details the workaround for this issue.

Root Cause

Predefined signature (Office365 Application) overwrites the user custom signature (e.g. "Exchange Online")

Workaround

1. Delete the Office365 from Applications.
   
   
   
   
2. Define your application signature stack based on the host or common names:

   • For example, if the customer needs to strip out the Outlook Live traffic, the following commands could be entered at the CLI (Command Line Interface):

     • application "Exchange Online" signature ssl common_name outlook.office.com

     • Optionally,  application "Exchange Online" signature ssl advanced common_name=%\"outlook\"

3. Use the custom Application in any policy you need it falls into. You can also define same signatures for other applications in the Office365 suite.