This is an interesting blog entry that covers off the security perspective from the Exchange Team for outbound security. While it is "possible" to filter based on URLs through a modern proxy server, you need to ensure your proxy not only supports URL filtering
but also has the ability to act as a man-in-the-middle for SSL inspection as the URL is embedded within the encrypted payload. There is very little traffic in the O365 solution that isn't encrypted and I'd expect moving forward there will be more encryption
using stronger cryptography. Using an SSL proxy is also going to require a trust relationship between the client and the proxy, requiring the "potential" distribution of certificates to devices, many of which are outside IT's control. It would be possible
to filter based on the SSL Certificate request from the client also; however, this is typically cached at the client side and is dependent on the application or browser to refresh the certificate, so this approach cannot be relied upon and isn't mentioned in
any Microsoft documentation. Finally (and I'm aware that this is an Exchange Team blog), there are many protocols used by other clients (IMAPS, POP3S, SMTPS) that simply don't have URLs for filtering, cannot be proxied and use a potentially
different approach to establishing the SSL or TLS encrypted session. Sorry for posting this to the hosted Exchange blog; there simply isn't anywhere on the O365 that has half of what is in this post.