Office 365
Office 365 traffic is encoded by default; it can’t be scanned by UCE.
NOTE: When you use a Tenant restriction feature, follow the "Tenant Restriction Section" in this article.
- From the MVISION Cloud navigation tree, click Policy, Web Policy, Lists.
- In the policy tree, click Global Bypass, Office 365 Bypass.
- Optionally, configure criteria to limit the scope of this rule set.
- Select the Office 365 bypass rules that you want enabled.
- Configure the lists associated with the rules as needed.
For more information, see the UCE
product guide.
Windows Update
Windows update is a trusted source. Bypass this service because it constantly generates a huge amount of data.
- From the MVISION Cloud navigation tree, click Policy, Web Policy, Policy.
- In the policy tree, select Global Bypass, Update Server Bypass.
- Optionally, configure criteria to limit the scope of this rule set.
- Select the update server bypass rules that you want enabled.
- Configure the lists associated with the rules as needed.
For more information, see the UCE
product guide.
Streaming data
Audio/video streams consist of binary data. Bypass these sites because of the large amount of data they transfer.
NOTE: If you use McAfee Client Proxy (MCP), apply the solution in
KB92559 - Allowing direct connections to streaming or update sites.
- From the MVISION Cloud navigation tree, select Policy, Web Policy, Policy.
- In the policy tree, select Global Bypass, Global Bypass Lists.
- Optionally, configure criteria to limit the scope of this rule set.
- Select the global bypass list rules you want to enable.
The following table lists the available example rules and the domains they bypass.
| Rule for Site/streaming service |
Domain |
| Amazon Video |
aiv-cdn.net
aiv-cdn.net.c.footprint.net
aiv-delivery.net
amazonvideo.com
atv-ext.amazon.com
atv-ps.amazon.com
d25xi40x97liuc.cloudfront.net
dmqdd6hw24ucf.cloudfront.net
media-amazon.com
primevideo.com |
| YouTube |
youtube.com
youtu.be
ytimg.com
googlevideo.com |
| netflix.com |
nflxvideo.net
netflix.com |
| Microsoft Office Update CDN |
officecdn.microsoft.com.edgesuite.net |
| Apple Software Update CDN |
swcdn.apple.com |
| Blizzard Update CDN: |
level3.blizzard.com |
For more information, see the UCE
product guide.
Tenant Restriction:
- From the MVISION Cloud navigation tree, select Policy, Web Policy, Policy.
- In the policy tree, select Global Bypass, Office 365 Bypass.
- Enable Code View. You see the Bypass Code displayed.
- Confirm if the following code is added or not.
// Can't bypass URLs that are needed for Tenant Restriction!
IF urlHost.StartsWithCaseInsensitive ("login.") THEN
END
If yes, Tenant Restriction Bypass configuration is already added. You don’t need to do any extra configuration for the feature. You can back to Office 365 section in this article and bypass Office 365 traffic.
If not, go to the next step.
- Open Global Bypass (...) and click Add New Ruleset.
- Select Office 365 Bypass, Add. Office 365 Bypass New1 is created.
- Select Office 365 Bypass New1.
- Enable Code View. You see the Bypass Code displayed.
- Locate the following section:
// just call the MWG functions once, it is faster to lookup mowgli variables than calling the functions
Net.IP destIP = MWG.DestinationIP
STRING urlHost = MWG.Url.Host
- Paste the code:
// Can't bypass URLs that are needed for Tenant Restriction!
IF urlHost.StartsWithCaseInsensitive ("login.") THEN
END
At the end of this section.
For example:
// just call the MWG functions once, it is faster to lookup mowgli variables than calling the functions
Net.IP destIP = MWG.DestinationIP
STRING urlHost = MWG.Url.Host
// Can't bypass URLs that are needed for Tenant Restriction!
IF urlHost.StartsWithCaseInsensitive ("logon.") THEN
END
// Bypass Exchange Online
IF bypassExchange AND (McAfee_Exchange_Online_URLs.Matches(urlHost) OR Net.IsInRangeList (destIP, McAfee_Exchange_Online_IPv4_Addresses) OR Net.IsInRangeList (destIP, McAfee_Exchange_Online_IPv6_Addresses)) THEN {MWG.Allow ("Bypass Exchange Online")
- Click Publish.
- When you see that the Web policy has been published message displayed, click OK.
- Disable Code View.
- Now configure UCE to bypass Office 365 traffic. Use the steps documented above to configure these bypasses.
NOTE: Use the bypass rule (For example, Office 365 Bypass New1) created as part of the Office 365 steps.
