• Home
• CASB
• Microsoft O365
• Setup Guide Microsoft Office365 using CASB

How to secure Microsoft Office365 using CASB Solution

---

Secure your Microsoft Office365 with the CASB solution to protect sensitive business information against unauthorized user access by enabling dynamic security restrictions, deep visibility, active threat detection, and granular access controls. In this guide, we will see how you can configure Office365 with miniOrange CASB Solutions for your organization.

Step 1: Sign up with miniOrange CASB

• Click here to log into your miniOrange account.
  

  (Don’t have an account? No worries, click here to create a new account)

Step 2: Choose Office365 for Configuration

• After signing in, you should be taken to the miniOrange dashboard page. Locate the "Office365" tab and click on the Add App button.



• Select the Add Authentication Source option from the drop-down menu.



• Mention an Authentication name for the authentication source, and click on Generate Metadata.



• After clicking on Generate Metadata, you will get the metadata details, as shown in the image below. Use this data to configure the SAML application in your Identity Provider (IDP).



• If you would like to view the metadata details again, then you can click on the View Metadata button.
• Set up your identity provider like Onelogin, ADFS, Keycloak, etc. to get the required IDP metadata details.
• Now, Enter the remaining details like the IDP Entity ID, SAML Login URL, SAML Logout URL, and X.509 Certificate which you will find in your Identity Provider metadata.
• Once done, Choose the Binding Type for SSO Request as required. You will find this information in the IDP metadata. However, if you are not sure, please select the HTTP-Redirect Binding as the default configuration.



• Click the Save & Next button once you have filled out all the details.
• You have now successfully configured SAML Authentication with miniOrange CASB.

Step 3: Configuring the Office365 Application

• Now, You will be redirected to the Basic Settings section.
• Fill in the following details to configure the Office365 Application:

Application Name:	Enter the name of your application
Organization Domain:	Enter the domain of your organization on Shopify. (Ex: example.com)
Attribute Key:	Enter the Group Attribute Key for the SSO app, which you have configured in the IDP under the SAML attributes section.
Name Attribute Key:	Enter the attribute name like fname,Lname etc.
Enter ACS URL:	Enter the office365 ACS URL as : https://login.microsoftonline.com/login.srf
Enter Entity URL:	Enter the office365 Entity URL as : urn:federation:MicrosoftOnline
CASB Type	Select CASB type as Offline
Enable MDM	If you want to configure MDM on your device, enable it




• Once done, click on Save & Next to save your changes.

Step 4: Configuring Policies

Let’s see how to configure policies for Office365 CASB.

• You should be taken to the Manage Policy screen. Enter your policy details, like Policy Name and Policy Description.



• Follow the below steps to configure restrictions according to your need:

• Network Based Restriction
• Time Based Restriction
• Restrict Import/Export of Files


1. IP Configuration
• Click on Checkbox for “Enable IP Restriction” as shown in the image below.
• By enabling this IP Restriction feature, you are restricting access to users based on their IP addresses:

1) Select the Allow or Deny option to either permit or restrict certain IP addresses.

2) Click on the Add IP Address icon to create a new field where you can add the IP addresses you want to regulate.







2. Location Configuration
• Click on Checkbox for “Enable Location Restriction” as shown in the image below.
• By enabling this feature, you are restricting access to users based on their Location:

1) Select the Allow or Deny option to either permit or restrict certain locations.

2) Select Locations from dropdown.






1. Time of Access Configuration
• Click on Checkbox for “Enable Time of Access Configuration” as shown in the image below.
• By enabling this feature, you will apply time restrictions to users based on the configured settings and specified timings.

1) Select Allow or Deny to permit or restrict user access during the selected time slot.

2) Select the user's timezone.

3) Select the start and end times for the time-based restriction.







2. Session Based Restriction
• Click on Checkbox for “Enable Session Based Restriction” as shown in the image below.
• By enabling this feature, you are restrict user sessions based on configured duration:

1)The session management should be based on days or hours.

2)Enter the duration for restrict user sessions.








1. Prevent Download

• Click on Checkbox for “Enable Prevent Download” as shown in the image below.
• By enabling this feature, you are restricting access to download. Currently this feature is only applicable for Google Docs and Google Drive. Downloading and sharing will be restricted from the apps or groups on which you apply this policy.






2. File Based Restriction

• Click on Checkbox for “Enable File Based Restriction” as shown in the image below.
• Enable this feature to control file uploads based on the allowed extension list.

1)Select the Allow or Deny option to either permit or restrict certain files. e.g. PDF, Doc, ZIP and etc.






3. Enable Disable Copy

• Click on the "Enable Disable copy" checkbox.
• By enabling this feature, you are restricting users from copying the contents of the page.

• Once, done with all the configurations click on Save and Next button.

Step 5: Configuring Groups

Let’s see how to configure Groups for Office365 CASB.

• Now, You are redirected to the Manage Group screen. Enter the Group Name and Group Description. Select the Office365 Policy from the drop-down menu.
• Choose the application to which you want to apply below permissions.

1) App Restriction: In this, the restrictions will be applied over the application based on the policy that you have configured for the group.

2) No App Restriction: In this, there will be no restrictions on the application for the group.

3) Disable App: By choosing this option, the application becomes inaccessible from anywhere for the entire group.

4) Custom App Restriction: By using this, you can apply an application-specific custom application restriction policy to an application that overpowers the group's restriction policy.

• Now, click on Save & Next button.



• After successfully configuring all screens, you will be redirected to the edit screen.

Step 6: Edit Screen

• Basic Settings section You can change any configurations if required in the Authentication.
• Suppose you want to configure different authentication sources. In that case, you can simply click on the Authentication Source in the Navigation Bar, where you will be able to add, view & edit authentication sources.



• Federation Script - Click on Download Federation Script.




Note: Run the downloaded federation script using command powershell -ExecutionPolicy ByPass -File [Your File Name].ps1



• After running the command in Windows PowerShell, a pop-up will appear and Enter your Office365 Admin account credentials.



• Open your authenticator app and enter the displayed number to approve the sign-in request.



• The federation script successfully completed, as shown in the image below.



• In the Groups Settings section You can add and configure groups on this screen and view all configured groups. Now, Click on Add New Group.
• You will get a pop-up for adding a new group and you can configure it using the above mentioned steps.



• In the 'Session Management' section, you can see the details of logged-in users' sessions.

External References

• What is a CASB?
• Microsoft Cloud Apps Security with CASB Solutions
• Microsoft Office365 CASB solutions for Enterprise Security
• Cloud Access Security Broker (CASB) Solutions