https://community.cisco.com/t5/network-security/how-to-allow-office-365-domain-address-in-access-rule/m-p/3820188#M925774 <P>You have to do couple of things to achieve what you want to achieve.</P> <P>&nbsp;</P> <P>1) Obtain Office Subnets (Ip address range / subnet mask) from O365 team</P> <P>2) Create Network Objects for each Subnet</P> <P>3) Add all of them to a "Office_Networks" object.</P> <P>4) Create a Global Trusted Policy (check Screenshot) and add Office Network Object</P> <P>5) Add Office O365 as Trusted Application in 'Trusted Application' rule. (Check Screenshot).</P> <P>&nbsp;</P> Fri, 15 Mar 2019 14:01:37 GMT InTheJuniverse 2019-03-15T14:01:37Z https://community.cisco.com/t5/network-security/how-to-allow-office-365-domain-address-in-access-rule/m-p/3819138#M925772 <P>Hi All,</P><P>I am new to working on Cisco Firepower and was looking for guidance on the following:</P><P>I need to create an access rule to allow access to the Office 365 services.</P><P>I have all of the domain names required to add to the rule e.g. *.office.com, *.sharepointonline.com but i am unable to find how to create an object that can encompass this.</P><P>I can create a network object using an IP address.</P><P>&nbsp;</P><P>When i create a network object (Object &gt; Object Management &gt; Network), am i supposed to use the 'FQDN' option and then enter the value '*.office.com'?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cisco_fwrpwr_fqdn.png" style="width: 522px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/31891iD5E21FE82B8CDB47/image-size/large?v=v2&amp;px=999" role="button" title="cisco_fwrpwr_fqdn.png" alt="cisco_fwrpwr_fqdn.png" /></span></P><P>&nbsp;</P><P>Do i also need to create a single object for each domain and then create a group and add them to it?</P><P>&nbsp;</P><P>I hope that this makes sense.</P><P>Your help is appreciated.</P><P>&nbsp;</P><P>Regards,</P><P>&nbsp;</P><P>Angelo</P> Fri, 21 Feb 2020 16:56:32 GMT https://community.cisco.com/t5/network-security/how-to-allow-office-365-domain-address-in-access-rule/m-p/3819138#M925772 AngeloAnelloIT 2020-02-21T16:56:32Z https://community.cisco.com/t5/network-security/how-to-allow-office-365-domain-address-in-access-rule/m-p/3820106#M925773 <P>Hi,</P> <P>Check out <A href="https://clnv.s3.amazonaws.com/2019/eur/pdf/BRKSEC-2033.pdf" target="_self">this</A> Cisco Live session (BRKSEC-2033), it's a dedicated session using Office 365 and Firepower. It also provides some python scripts.</P> <P>&nbsp;</P> <P>HTH</P> Fri, 15 Mar 2019 11:20:41 GMT https://community.cisco.com/t5/network-security/how-to-allow-office-365-domain-address-in-access-rule/m-p/3820106#M925773 Rob Ingram 2019-03-15T11:20:41Z https://community.cisco.com/t5/network-security/how-to-allow-office-365-domain-address-in-access-rule/m-p/3820188#M925774 <P>You have to do couple of things to achieve what you want to achieve.</P> <P>&nbsp;</P> <P>1) Obtain Office Subnets (Ip address range / subnet mask) from O365 team</P> <P>2) Create Network Objects for each Subnet</P> <P>3) Add all of them to a "Office_Networks" object.</P> <P>4) Create a Global Trusted Policy (check Screenshot) and add Office Network Object</P> <P>5) Add Office O365 as Trusted Application in 'Trusted Application' rule. (Check Screenshot).</P> <P>&nbsp;</P> Fri, 15 Mar 2019 14:01:37 GMT https://community.cisco.com/t5/network-security/how-to-allow-office-365-domain-address-in-access-rule/m-p/3820188#M925774 InTheJuniverse 2019-03-15T14:01:37Z