10-May-2021 03:36
is it practical to secure application like Office 365 through WAF ?
Solved! Go to Solution.
10-May-2021 11:46
Ah, I did not understand this from your initial question.
So you have a web application that is interacting with O365, but the web application is internet facing? In that case should could limit access to only known O365 public IP addresses. Check out this git repo: https://github.com/brett-at-f5/f5-office365-ip-url-automation
Probably you can create an iRule to block access if the traffic is not coming from O365 source IP addresses.
Or you can secure your web app with AdvWAF.
Or a combination of both.
10-May-2021 04:49
Hi BLUE,
my short answer is NO. And the explanation is: Microsoft is taking care of that already (I never thought I'd ever say this... 😁 ). Any kind of SaaS application should be protected by the vendor and not by the customer. It's running in their datacenters, they must protect it.
KR
Daniel
10-May-2021 11:36
😂
Hi Daniel,
so basically if i have web application that integrated with sth same as Office 365 , no need to be secured by WAF .
Clear , thanks.
10-May-2021 11:46
Ah, I did not understand this from your initial question.
So you have a web application that is interacting with O365, but the web application is internet facing? In that case should could limit access to only known O365 public IP addresses. Check out this git repo: https://github.com/brett-at-f5/f5-office365-ip-url-automation
Probably you can create an iRule to block access if the traffic is not coming from O365 source IP addresses.
Or you can secure your web app with AdvWAF.
Or a combination of both.
10-May-2021 11:50
OK , NOW it's clear .
Many thanks