Allow Office365 Outlook.com email but block Free outlook.com email
We have a scenario where we block webmail in our environment, except for corporate webmail sites. With a hosted Exchange option and OWA this is easy. However we are getting contractors who are shifting their email to Office365, which authenticates users via outlook.com. Is there a way to allow Office365 authentication to outlook.com without allowing the user to log into the free version of outlook webmail as well? Our environment is using FortiOS v5.0.11.
Contractors are usually in separate VLAN. So you can create policy for that VLAN?
In our environment they are not, though the users will have reserved DHCP addresses. We also have an offshore office where this would be applied to the entire site.
The issue isn't segregation of policy. The issue is that for Office365 to authenticate, you need to allow access on HTTPS to the root outlook.com domain as well. On its own this would also grant access to the free webmail component of outlook.com. We want to prevent access to the free webmail component while still letting the user authenticate and log in to the Office365 business version of Outlook webmail.
Then I would copy existing policy and use it on that IP range you have reserved for contractors if this type of operations isn't actually doable thru web or application filter. With this, you will have one policy for them and you can apply whatever you want for them while you are keeping your internal users policies in order. That's how I would do it.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.