Forum Discussion

Peter Abele's avatar
Peter Abele
Former Employee
Nov 27, 2020

SSL decrypt whitelisting recommended vs supported

Hi Team,   I need some clarification regarding supportability of SSL decryption on the proxy against specific O365 endpoints. I understand that MS recommendation is to whitelist all Optimize an...
PaulAndrew's avatar
PaulAndrew
Icon for Microsoft rankMicrosoft
Dec 06, 2020

Peter Abele If your customer wants to get support for Office 365, we recommend bypassing SSL Break and Inspect for the endpoint categories of Optimize and Allow. If your customer calls Microsoft support with connectivity problems and they have SSL Break and Inspect on these endpoints they should expect to be asked to bypass it. Only Default category endpoints can support SSL Break and Inspect.

 

We have a test tool for SSL Break and Inspect meeting the recommendations published at https://connectivity.office.com. It will test all Optimize and Allow category endpoints and list any which have SSL Break and Inspect.

 

You can read public documentation for this at:

http://aka.ms/pnc

 

Also more details here:

Microsoft 365 Network Connectivity Overview - Microsoft 365 Enterprise | Microsoft Docs

Managing Office 365 endpoints - Microsoft 365 Enterprise | Microsoft Docs

Use third-party network devices or solutions with Office 365 - Office 365 | Microsoft Docs

 

Please pass this recommended guidance for the best connectivity, user experience, and supportability on to your customer.

 

Regards,
Paul

Resources