Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Contextual Access Control via Reverse Proxy

Skyhigh CASB for Dynamics 365 provides the Contextual Access Control using Reverse Proxy for managed and unmanaged devices.

Skyhigh CASB can provide a Cloud Access Policy to control services that users can access from managed devices or unmanaged devices and also provides a DLP policy to monitor the sensitive information shared by the user. Microsoft Dynamics 365 feature supports reverse proxy with the following criteria:

  • If you have a managed device, your activities are redirected via proxy and you can access the application directly.
  • If you have an unmanaged device, then downloads are blocked based on the CAP policies.
  • If you have managed or unmanaged devices and sharing sensitive information with other users, then your activities are blocked based on the DLP policies.

When a domain name is added as metadata for Office 365, you might end with a Subject Alternative Name (SAN) limit issue. Example on Domain Name: api.businessappdiscovery.microsoft.com*.crm8.dynamics.com. To avoid this error, you can configure the instance-level domain along with the Service Property as described below:

Additional Configuration:

{
"2698": {
"additionalDomainNamesSANs": "true"
},
"domainnames": {
"21110": ["api.businessappdiscovery.microsoft.com","*.crm8.dynamics.com"]
}
}

Service Property:

Service Property
response.cookies.modify.domains {"cookieDomainConfigList": [{"uri": "/","fromDomainToDomainMap": {"crm8.dynamics.com": "dynamics.com","test.crm8.dynamics.com": "dynamics.com","*.crm8.dynamics.com": "dynamics.com"}}]}

 

Ways to Access Microsoft Dynamics 365

The table summarizes the supported ways to access Microsoft Dynamics 365 via reverse proxy with CAP and DLP policies applied to it.

Legends used in the table:
✔ - Verified and working.
✖ - Cert check prompt is not displayed.
N/A - Not Available

Access Type

Check Cert: Redirect Managed

Check Cert: Block Unmanaged 

Desktop Browser                                            ✔                             ✔
Mobile Browser - Safari (iOS)                                           ✔                             ✔
Mobile Browser - Chrome (iOS)

                                          ✖

 

                            ✖

NOTE: Cert check is not working and behaves like an unmanaged device and getting blocked.

Mobile Browser (Android)                                          ✔                            ✔

Native app (iOS)

                                         ✖

                            ✖


NOTE: Cert check is not working and behaves like an unmanaged device and getting blocked.

Native app (iOS) with device type included  in CAP

                                         ✔

 

                            ✖


NOTE: Not able to detect as a native app and traffic is redirected.

Native app (Android)                                          ✔                             ✔
Native app (Android)  with device type included in CAP

                                         ✖

NOTE: Managed Device login is failed.

                           ✔

NOTE: Unmanaged Device is blocked successfully.

Desktop Native app (Mac)                                         N/A                          N/A
  • Was this article helpful?