Allow users to get to Microsoft but nothing else

cfraser · ‎03-25-2025

Hi,

We are a school using FortiGate on v7.4.7.

We have recently updated our Office package from 2016 to O365, which needs the users to have a licence to be able to access the Office apps.

With exam season coming up, we need to set up a web filter to allow users to authenticate against O365, but not access anything else on the web. Has anyone successfully done this? Our web groups are based on a security group from on-prem AD.

We do block Edge, Chrome and IE via GPO, but the exam board are quite strict about restrictions schools have.

Thanks,

Cameron

akumar02 · ‎03-25-2025

Hello @cfraser ,
You can use ISDB for Microsoft in the Policies and block everything else.
Make sure you have the DNS policy allowed above the ISDB policy.
https://docs.fortinet.com/document/fortigate-cnf/latest/administration-guide/613009/internet-service...

Best Regards,
. . . . . . . . . . . . . . . . . . . . . . . .
Arun Kumar | TAC Engineer II
FORTINET TAC - America EAST
NSE Certified: FCA, FCF, FCP-NS, FCSS-NS
Office Hours: 9AM-6PM EST (Tue-Sat)
Contact: https://fortinet.com/support-and-training/support/contact.html
Community Forum: https://community.fortinet.com
# Is there anything Fortinet could have assisted with further, better, or differently?
# Simply request a Manager follow-up

iamakk · ‎04-01-2025

Hello, you can create the dedicated firewall policy to achieve this and it will allow to connect only office 365 and other internet will remain block. Screenshot 2025-04-02 112841.png

Regards,
Ashish Kushwaha

Allow users to get to Microsoft but nothing else

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website