Contextual Access Control via Reverse Proxy
Skyhigh CASB for Dynamics 365 provides Contextual Access Control through a reverse proxy for managed and unmanaged devices.
Skyhigh CASB can provide a Cloud Access Policy (CAP) to control the services that users can access from managed or unmanaged devices, and a DLP policy to monitor the sensitive information that users share. Microsoft Dynamics 365 supports reverse proxy with the following criteria:
- If you have a managed device, your activities are redirected via proxy and you can access the application directly.
- If you have an unmanaged device, then downloads are blocked based on the CAP policies.
- If you share sensitive information with other users from a managed or unmanaged device, your activities are blocked based on the DLP policies.
When a domain name is added as metadata for Office 365, you might end up with a Subject Alternative Name (SAN) limit issue. Example domain names: api.businessappdiscovery.microsoft.com, *.crm8.dynamics.com. To avoid this error, configure the instance-level domain along with the Service Property as described below:
Additional Configuration: { "2698": { "additionalDomainNamesSANs": "true" }, "domainnames": { "21110": ["api.businessappdiscovery.microsoft.com","*.crm8.dynamics.com"] } }
Service Property:
Service Property | Value |
---|---|
response.cookies.modify.domains | {"cookieDomainConfigList": [{"uri": "/","fromDomainToDomainMap": {"crm8.dynamics.com": "dynamics.com","test.crm8.dynamics.com": "dynamics.com","*.crm8.dynamics.com": "dynamics.com"}}]} |
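
The following is an added example, not Skyhigh code or tooling: a Python preview of what the `fromDomainToDomainMap` above expresses, useful for checking the JSON and the resulting cookie scope before saving the property. The function names are hypothetical, and the matching rules (`uri` as a path prefix, exact entry before wildcard, `*.` matching subdomains only) are assumptions, since the page does not document them.

```python
import json

# Service Property value copied from the page.
SERVICE_PROPERTY = '{"cookieDomainConfigList": [{"uri": "/","fromDomainToDomainMap": {"crm8.dynamics.com": "dynamics.com","test.crm8.dynamics.com": "dynamics.com","*.crm8.dynamics.com": "dynamics.com"}}]}'


def load_rules(raw):
    """Parse the property and reject structural mistakes before it is saved."""
    rules = json.loads(raw)["cookieDomainConfigList"]
    for rule in rules:
        if not rule["uri"].startswith("/"):
            raise ValueError("uri must be a path: %r" % rule["uri"])
        for src, dst in rule["fromDomainToDomainMap"].items():
            body = src[2:] if src.startswith("*.") else src
            if "*" in body or "*" in dst:
                raise ValueError("wildcard allowed only as leading label: %r" % src)
    return rules


def map_domain(rules, path, cookie_domain):
    """Return the mapped Domain, or None when no entry applies.

    Assumed semantics (not documented on the page): uri is a path prefix,
    an exact entry wins over a wildcard, '*.' matches subdomains only.
    """
    host = cookie_domain.lstrip(".").lower()
    for rule in rules:
        if not path.startswith(rule["uri"]):
            continue
        mapping = {k.lower(): v for k, v in rule["fromDomainToDomainMap"].items()}
        if host in mapping:
            return mapping[host]
        for src, dst in mapping.items():
            if src.startswith("*.") and host.endswith(src[1:]):
                return dst
    return None


def rewrite_set_cookie(rules, path, header_value):
    """Rewrite only the Domain attribute of one Set-Cookie header value."""
    out = []
    for i, part in enumerate(p.strip() for p in header_value.split(";")):
        name, sep, value = part.partition("=")
        if i > 0 and sep and name.lower() == "domain":
            value = map_domain(rules, path, value) or value
        out.append(name + sep + value)
    return "; ".join(out)
```
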
Ways to Access Microsoft Dynamics 365
The following table summarizes the supported ways to access Microsoft Dynamics 365 via reverse proxy with CAP and DLP policies applied.
Legend: ✔ - Verified and working. ✖ - Cert check prompt is not displayed. N/A - Not Available
Access Type | Check Cert: Redirect Managed | Check Cert: Block Unmanaged |
---|---|---|
Desktop Browser | ✔ | ✔ |
Mobile Browser - Safari (iOS) | ✔ | ✔ |
Mobile Browser - Chrome (iOS) | ✖ | ✖ NOTE: Cert check does not work; the device behaves like an unmanaged device and is blocked. |
Mobile Browser (Android) | ✔ | ✔ |
Native app (iOS) | ✖ | ✖ |
Native app (iOS) with device type included in CAP | ✔ | ✖ |
Native app (Android) | ✔ | ✔ |
Native app (Android) with device type included in CAP | ✖ NOTE: Managed device login fails. | ✔ NOTE: Unmanaged device is blocked successfully. |
Desktop Native app (Mac) | N/A | N/A |