Proxy rules for login interface

We're rolling out MS Teams behind a corporate proxy which requires users to accept an AUP the first time they access the Internet in a session.

This policy is bypassed for all traffic with a User agent string containing "Teams/*", but the login interface seems to use a generic UAS instead, so it is failing until the user opens their browser and accepts the AUP to 'unlock' their Internet access.

I've also added http*://login.microsoft.com/* and http*://*.msidentity.com/* to bypass this policy, but it still seems to be failing. Do I need to add the A records that these CNAMEs resolve to as well? As these are hosted by a CDN, is there a more granular set of URLs I can add, or do I need to add the whole CDN Domain?

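1 Reply

Re: Proxy rules for login interface

Have you read these threads:

https://techcommunity.microsoft.com/t5/microsoft-teams/issue-with-microsoft-teams-through-proxy/m-p/1621325

https://www.lee-ford.co.uk/prepare-network-microsoft-teams/

It might give you some light to the situation!
Also Microsoft has a doc about proxies here:

https://docs.microsoft.com/en-US/microsoftteams/proxy-servers-for-skype-for-business-online ?

Adam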