tonylin1
Staff
Article Id 365105
Description
This article describes how to block personal Microsoft 365 accounts using Inline-CASB Microsoft tenant control.
Scope
FortiGate v7.4.0 and above.
Solution
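  1. FortiGate supports Inline-CASB, but only for Enterprise domains, not for personal accounts.
  2. Set up the following CASB configuration to block personal Microsoft 365 accounts. The custom user activity matches login.live.com and adds the header sec-Restrict-Tenant-Access-Policy with the value restrict-msa:
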
config casb user-activity
    edit "microsoft-block_personal_account"
        set application "microsoft"
        set category other
        config match
            edit 1
                config rules
                    edit 1
                        set type domains
                        set domains "login.live.com"
                    next
                end
            next
        end
        config control-options
            edit "block_personal"
                config operations
                    edit "block_personal"
                        set action new
                        set header-name "sec-Restrict-Tenant-Access-Policy"
                        set values "restrict-msa"
                    next
                end
            next
        end
    next
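end

Then select the custom control and its option in the CASB profile, under the "microsoft" SaaS application:
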
config casb profile
    edit "casb"
        config saas-application
            edit "microsoft"
                set tenant-control enable
                set tenant-control-tenants "fortinet-us.com"
                config custom-control
                    edit "microsoft-block_personal_account"
                        config option
                            edit "block_personal"
                            next
                        end
                    next
                end
            next
        end
    next
end
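
An added example, not part of the original article and not Fortinet code: a Python audit of a saved configuration that checks that an option injecting `restrict-msa` for `login.live.com` exists and that a CASB profile actually selects it. The function names, the minimal parser (it handles only config/edit/set/next/end lines) and the shortened entry names "act" and "opt" in the constructed sample are assumptions.

```python
import shlex

HEADER = "sec-restrict-tenant-access-policy"  # HTTP header names are case-insensitive

def parse_fortios(text):
    """Nested dicts from FortiOS CLI text: config/edit open a level, next/end close it."""
    stack = [{}]
    for tok in map(shlex.split, text.splitlines()):
        if not tok:
            continue
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
        elif tok[0] == "set" and len(tok) > 1:
            stack[-1][tok[1]] = tok[2:]
    return stack[0]

def msa_block_options(cfg):
    """(activity, option) pairs that add restrict-msa to requests for login.live.com."""
    found = set()
    for act_name, act in cfg.get("casb user-activity", {}).items():
        domains = {d for m in act.get("match", {}).values()
                   for r in m.get("rules", {}).values() for d in r.get("domains", [])}
        for opt_name, opt in act.get("control-options", {}).items():
            for op in opt.get("operations", {}).values():
                if ("login.live.com" in domains and op.get("action") == ["new"]
                        and " ".join(op.get("header-name", [])).lower() == HEADER
                        and "restrict-msa" in op.get("values", [])):
                    found.add((act_name, opt_name))
    return found

def profiles_blocking_msa(cfg):
    """CASB profiles whose microsoft entry selects one of those options."""
    valid, hits = msa_block_options(cfg), []
    for name, prof in cfg.get("casb profile", {}).items():
        ctls = prof.get("saas-application", {}).get("microsoft", {}).get("custom-control", {})
        if any((a, o) in valid for a, c in ctls.items() for o in c.get("option", {})):
            hits.append(name)
    return sorted(hits)

# Constructed sample: the article's two blocks, trimmed, with ";" standing in for newlines.
SAMPLE = ('config casb user-activity;edit "act";config match;edit 1;config rules;edit 1;'
          'set domains "login.live.com";next;end;next;end;config control-options;edit "opt";'
          'config operations;edit 1;set action new;set header-name "sec-Restrict-Tenant-Access-Policy";'
          'set values "restrict-msa";next;end;next;end;next;end;config casb profile;edit "casb";'
          'config saas-application;edit "microsoft";config custom-control;edit "act";config option;'
          'edit "opt";next;end;next;end;next;end;next;end').replace(";", "\n")
print(profiles_blocking_msa(parse_fortios(SAMPLE)))
```

An empty result means no profile enforces the personal-account block, for example because the profile selects an option name that the user activity does not define.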