Manual Chapter : Using the Office 365 URL Updater

Applies To:

Show Versions Show Versions

F5 SSL Orchestrator

  • 17.0.0
Manual Chapter

Using the Office 365 URL Updater

Before you begin, you will need to have BIG-IP devices with the SSLO service discovered and imported. You will also need to ensure that all devices you wish to add to the Office 365 fetch schedule run the same SSLO RPM version.
To configure the fetch schedule and Office 365 URL categories, do the following:
  1. Navigate to
    SSL Orchestrator
    Office 365 URL Updater
    at the top right. It appears as a link when you do not have a topology configured and an icon when you do.
  2. For
    , specify how often you would like to fetch O365 URL categories. Select a cadence of
    from the dropdown menu and its corresponding time values.
    • Daily
      : Specify the time in a 24-hour format, HH: MM.
    • Weekly
      : Select the day you want to run the report and the time in a 24-hour format.
    • Monthly
      : Select a number for the day of the month you want to run the report and the time in a 24-hour format.
  3. To authorize SSLO to fetch O365 URL categories on clicking
    , select the checkbox
    Fetch Now
  4. Specify an
    from the dropdown menu from which to fetch the URL categories.
  5. Select the
    Use required URLs only
    checkbox to fetch the minimum required URLs for O365 connectivity. Not selecting this option fetches all URLs, including the minimum required ones.
  6. For
    Include URLs
    , enter a URL not categorized as an O365 URL that you would like to fetch. Then, add additional URLs using the
  7. To exclude URLs or domain extensions from this fetch, enter the URL or extension in the
    Exclude URLs
    For example, if you want to exclude from your fetch and all addresses ending in .net, enter
    in the field, select the
    icon to add an additional line. Then, on the next line, enter
  8. Select the
    Create IP Datagroups
    checkbox to create IP data groups consisting of IP addresses after fetching URLs.
  9. For
    Exclude IPs
    , enter IP address that you would like to omit from this fetch request. Add additional IP addresses using the + icon.
  10. From the
    Trusted Certificate Authority
    list, choose a trusted certificate authority.
    • None
      : Specifies that no CA is trusted for server-side processing.
    • ca-bundle
      : Uses the
      file, which contains all well-known public certificate authority (CA) certificates for server-side processing.
    • default
      : Specifies that the trusted CA for server-side processing is the default certificate on the system.
  11. In the O365 Categories section, specify whether you want to create a single URL data set and/or separate data sets for O365 Optimize/Default/Allow categories.
    • Default
      : If you add the
      category to a policy, the package will be inspected.
    • All
      : If you fetch
      categories, you can add URLs from all categories to a security policy. The
      option is not editable and is selected by default. The BIG-IP will always create a data set containing all O365 URLs.
    • Optimize
      : If you select the
      category to add to a security policy, you choose to optimize traffic speed for critical Microsoft endpoints such as Outlook and Sharepoint.
    • Allow
      : If you add the
      category of O365 URLs to a security policy, the traffic will not be inspected.
    Refer Office 365 endpoint categories for more information.
  12. Select the service area from which you would like to fetch URLs. Available options are
    , and
    . The
    option is not editable and is selected by default. The BIG-IP will always fetch the common O365 URLs.
  13. The
    Run Information
    section displays the last run time, the upcoming run schedule, and the current status of the O365 URL update.
  14. Select
    to save this schedule.
After finishing configuration, you can add the Office 365 URL categories to a security policy rule when the network traffic matches all categories. You can then deploy the security policy on target BIG-IP devices.