jiahoong112
Article Id 407296
Description

This article describes a case where, when SWG with SSO authentication is used with FortiSASE, Microsoft 365 applications such as Microsoft Teams, Outlook, Word, Excel, and PowerPoint lose connectivity and become inaccessible.

Scope FortiSASE.
Solution

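To fix this, a custom PAC file is required. Log in to the FortiSASE portal, go to System -> SWG Configuration, and download the PAC file. This PAC file must be hosted in a publicly accessible location, such as an AWS S3 bucket. Because the PAC file decides which traffic bypasses the SWG, serve it over HTTPS and keep the hosting location read-only for the public, with write access restricted to administrators.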

 

Refer to this Microsoft resource for Microsoft 365 application IP ranges and/or FQDNs: Microsoft 365 URLs and IP address ranges.

 

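Microsoft updates these lists regularly, so review them from time to time to ensure that the FQDNs and IP ranges in the custom PAC file are still relevant. Every host that matches an entry in the PAC file is sent DIRECT and is therefore not inspected by the SWG, so keep the entries limited to what Microsoft 365 actually needs.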

 

Custom PAC file:

 

/**
 * PAC entry point: decides whether a request goes through the FortiSASE SWG
 * proxy or straight to the destination.
 *
 * Hosts that match any pattern in the bypass list below are returned as
 * "DIRECT"; every other host is returned with the SWG proxy string.
 *
 * Review notes:
 *  - A "DIRECT" result means the request does not pass through the SWG, so
 *    each entry here is an inspection bypass. The list contains broad
 *    wildcards (for example "*.microsoft.com", "*.live.com") and hosts that
 *    are not Microsoft 365 application endpoints (CA / CRL / OCSP hosts,
 *    "platform.linkedin.com"). Re-check it against Microsoft's published
 *    endpoint list and remove what is not required.
 *  - Several exact entries are already covered by a wildcard entry (for
 *    example "admin.microsoft.com" by "*.microsoft.com"); they are kept so
 *    the list still works if a wildcard is later narrowed.
 *  - Plain `var` and an indexed `for` loop are used on purpose: some PAC
 *    evaluators only support older JavaScript syntax.
 *
 * @param {string} url  Full URL being requested (not used by this script).
 * @param {string} host Host name taken from the URL.
 * @returns {string} "DIRECT" or the "PROXY ..." directive.
 */
function FindProxyForURL(url, host) {
  var direct = "DIRECT";
  // Placeholder: replace with the real SWG FQDN and port before deploying.
  var proxyServer = "PROXY <FortiSASE-SWG-Turbo-FQDN:SWG-Port>";

  // Shell-expression patterns whose traffic bypasses the proxy.
  var bypassPatterns = [
    // Wildcard domains.
    "*.aadrm.com",
    "*.live.com",
    "*.live.net",
    "*.acompli.net",
    "*.activity.windows.com",
    "*.appex.bing.com",
    "*.appex-rf.msn.com",
    "*.aria.microsoft.com",
    "*.assets-yammer.com",
    "*.auth.microsoft.com",
    "*.azure-apim.net",
    "*.azurerms.com",
    "*.cloud.microsoft",
    "*.cortana.ai",
    "*.entrust.net",
    "*.events.data.microsoft.com",
    "*.flow.microsoft.com",
    "*.geotrust.com",
    "*.hip.live.com",
    "*.informationprotection.azure.com",
    "*.keydelivery.mediaservices.windows.net",
    "*.lync.com",
    "*.mail.protection.outlook.com",
    "*.microsoft.com",
    "*.microsoftonline.com",
    "*.microsoftonline-p.com",
    "*.microsoftusercontent.com",
    "*.msauth.net",
    "*.msauthimages.net",
    "*.msecnd.net",
    "*.msftauth.net",
    "*.msftauthimages.net",
    "*.msftidentity.com",
    "*.msidentity.com",
    "*.msocdn.com",
    "*.mx.microsoft",
    "*.o365weve.com",
    "*.office.com",
    "*.office.net",
    "*.office365.com",
    "*.officeapps.live.com",
    "*.omniroot.com",
    "*.onenote.com",
    "*.online.office.com",
    "*.onmicrosoft.com",
    "*.outlook.com",
    "*.outlookmobile.com",
    "*.phonefactor.net",
    "*.portal.cloudappsecurity.com",
    "*.powerapps.com",
    "*.powerautomate.com",
    "*.protection.office.com",
    "*.protection.outlook.com",
    "*.public-trust.com",
    "*.search.production.apac.trafficmanager.net",
    "*.search.production.emea.trafficmanager.net",
    "*.search.production.us.trafficmanager.net",
    "*.security.microsoft.com",
    "*.sharepoint.com",
    "*.sharepointonline.com",
    "*.skype.com",
    "*.static.microsoft",
    "*.streaming.mediaservices.windows.net",
    "*.svc.ms",
    "*.symcb.com",
    "*.symcd.com",
    "*.teams.cloud.microsoft",
    "*.teams.microsoft.com",
    "*.usercontent.microsoft",
    "*.verisign.com",
    "*.verisign.net",
    "*.virtualearth.net",
    "*.wns.windows.com",
    "*.yammer.com",
    "*.yammerusercontent.com",
    // No dot after "*": matches any host name ending in "cdn.onenote.net".
    "*cdn.onenote.net",

    // Individual hosts.
    "account.activedirectory.windowsazure.com",
    "account.live.com",
    "accounts.accesscontrol.windows.net",
    "activation.sls.microsoft.com",
    "activity.windows.com",
    "adl.windows.com",
    "admin.microsoft.com",
    "admin.onedrive.com",
    "adminwebservice.microsoftonline.com",
    "ajax.aspnetcdn.com",
    "aka.ms",
    "amp.azure.net",
    "api.passwordreset.microsoftonline.com",
    "apis.live.net",
    "appsforoffice.microsoft.com",
    "assets.onestore.ms",
    "auth.gfx.ms",
    "autodiscover.*.onmicrosoft.com",
    "autologon.microsoftazuread-sso.com",
    "becws.microsoftonline.com",
    "c.bing.com",
    "c.bing.net",
    "c.live.com",
    "c1.microsoft.com",
    "cacerts.digicert.com",
    "ccs.login.microsoftonline.com",
    "cdn.odc.officeapps.live.com",
    "cdn.uci.officeapps.live.com",
    "cert.int-x3.letsencrypt.org",
    "clientconfig.microsoftonline-p.net",
    "companymanager.microsoftonline.com",
    "compliance.microsoft.com",
    "crl.globalsign.com",
    "crl.globalsign.net",
    "crl.identrust.com",
    "crl.microsoft.com",
    "crl3.digicert.com",
    "crl4.digicert.com",
    "dc.services.visualstudio.com",
    "defender.microsoft.com",
    "device.login.microsoftonline.com",
    "dgps.support.microsoft.com",
    "docs.microsoft.com",
    "ecn.dev.virtualearth.net",
    "enterpriseregistration.windows.net",
    "eus-www.sway-cdn.com",
    "eus-www.sway-extensions.com",
    "g.live.com",
    "go.microsoft.com",
    "graph.microsoft.com",
    "graph.windows.net",
    "informationprotection.hosting.portal.azure.net",
    "isrg.trustid.ocsp.identrust.com",
    "join.secure.skypeassets.com",
    "login.live.com",
    "login.microsoft.com",
    "login.microsoftonline.com",
    "login.microsoftonline-p.com",
    "login.windows.net",
    "login.windows-ppe.net",
    "logincert.microsoftonline.com",
    "loginex.microsoftonline.com",
    "login-us.microsoftonline.com",
    "mem.gfx.ms",
    "mlccdnprod.azureedge.net",
    "mscrl.microsoft.com",
    "msdn.microsoft.com",
    "nexus.microsoftonline-p.com",
    "o15.officeredir.microsoft.com",
    "ocos-office365-s2s.msedge.net",
    "ocsp.digicert.com",
    "ocsp.globalsign.com",
    "ocsp.msocsp.com",
    "ocsp2.globalsign.com",
    "ocspx.digicert.com",
    "office.live.com",
    "office15client.microsoft.com",
    "officeapps.live.com",
    "officecdn.microsoft.com",
    "officecdn.microsoft.com.edgesuite.net",
    "officeclient.microsoft.com",
    "officepreviewredir.microsoft.com",
    "officeredir.microsoft.com",
    "officespeech.platform.bing.com",
    "oneclient.sfx.ms",
    "oneocsp.microsoft.com",
    "otelrules.azureedge.net",
    "outlook.cloud.microsoft",
    "outlook.office.com",
    "outlook.office365.com",
    "partnerservices.getmicrosoftkey.com",
    "passwordreset.microsoftonline.com",
    "platform.linkedin.com",
    "prod.msocdn.com",
    "protection.office.com",
    "provisioningapi.microsoftonline.com",
    "purview.microsoft.com",
    "r.office.microsoft.com",
    "secure.globalsign.com",
    "security.microsoft.com",
    "shellprod.msocdn.com",
    "signup.live.com",
    "smtp.office365.com",
    "spoprod-a.akamaihd.net",
    "storage.live.com",
    "support.microsoft.com",
    "sway.com",
    "teams.cloud.microsoft",
    "teams.microsoft.com",
    "technet.microsoft.com",
    "tse1.mm.bing.net",
    "wus-www.sway-cdn.com",
    "wus-www.sway-extensions.com",
    "www.acompli.com",
    "www.bing.com",
    "www.digicert.com",
    "www.microsoft.com",
    "www.microsoft365.com",
    "www.onedrive.com",
    "www.outlook.com",
    "www.sway.com"
  ];

  // The first matching pattern wins; the order does not change the result.
  for (var idx = 0; idx < bypassPatterns.length; idx++) {
    if (shExpMatch(host, bypassPatterns[idx])) {
      return direct;
    }
  }

  // Anything not on the bypass list goes through the SWG.
  return proxyServer;
}