SSL Interception Bypass

%3CLINGO-SUB%20id%3D%22lingo-sub-1588576%22%20slang%3D%22en-US%22%3ESSL%20Interception%20Bypass%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1588576%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Everyone%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20of%20my%20customer%20is%20having%20issues%20configuring%20SSL%20interception%20bypass%20for%20AIP%20protection%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFollowing%20behavior%20is%20observed%20while%20performing%20the%20AIP%20Testing%20%3B%3C%2FP%3E%3COL%3E%3CLI%3E*.Aadrm.com%20is%20auth%20bypassed%20for%20everyone.%3C%2FLI%3E%3CLI%3ESSL%20interception%20bypass%20doesn%E2%80%99t%20work%20when%20it%20is%20based%20on%20Window%20Name%2FAD%20User%20Name%20%2C%20same%20test%20works%20fine%20when%20%3CSTRONG%3EIP%26nbsp%3Baddress%3C%2FSTRONG%3E%20of%20the%20user%E2%80%99%20machine%20gets%20added%20to%20SSL%20interception%20bypass%20rule%20%26nbsp%3Bfor%20required%20URLs.%3C%2FLI%3E%3C%2FOL%3E%3CP%3ENow%20the%20query%20is%20%3A%3C%2FP%3E%3COL%3E%3CLI%3EIs%20IP%20based%20SSL%20bypass%20the%20only%20way%20to%20get%20the%20SSL%20interception%20bypassed%20for%20Office%20365%20URLs%3F%3C%2FLI%3E%3CLI%3EIs%20there%20any%20documentation%20from%20Microsoft%20for%20AD%20based%20(user%20name)%20SSL%20Bypass%20for%20proxy%3F%20Proxy%20model%20is%26nbsp%3BBluecoat%20Proxy%20SG%20Version%206.1.2.14%26nbsp%3B%3C%2FLI%3E%3C%2FOL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Visitor

Hello Everyone,

 

One of my customer is having issues configuring SSL interception bypass for AIP protection 

 

Following behavior is observed while performing the AIP Testing ;

  1. *.Aadrm.com is auth bypassed for everyone.
  2. SSL interception bypass doesn’t work when it is based on Window Name/AD User Name , same test works fine when IP address of the user’ machine gets added to SSL interception bypass rule  for required URLs.

Now the query is :

  1. Is IP based SSL bypass the only way to get the SSL interception bypassed for Office 365 URLs?
  2. Is there any documentation from Microsoft for AD based (user name) SSL Bypass for proxy? Proxy model is Bluecoat Proxy SG Version 6.1.2.14 

 

1 Reply
Highlighted
The easiest way to bypass is with a PAC file that you deploy to client machines using AD group policy. You can bypass the proxy server using URLs in that way.