Microsoft Entra IdP: Configuring Reverse Proxy for Microsoft 365
Provides the setup instructions for configuring Microsoft 365 for use with Forcepoint Data Security Cloud | SSE when Microsoft 365 uses Microsoft Entra ID as the identity provider.
This feature is helpful for customers who want to provide agentless secure access to Microsoft 365 applications through the Forcepoint Data Security Cloud | SSE reverse proxy while using Microsoft Entra ID as the IdP.
After the reverse proxy application and conditional access policy are configured and active:
- If a user tries to connect to Microsoft Online (https://login.microsoftonline.com) directly from an unmanaged device, then they will be blocked through the conditional access policy. The policy allows access through the Forcepoint Data Security Cloud | SSE gateways only.
- If a user connects to Microsoft Apps (https://myapps.microsoft.com) and opens the reverse proxy application, then Forcepoint Data Security Cloud | SSE redirects the user to the correct reverse proxy URL. The user can access their applications after they re-authenticate.
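The two outcomes above can be checked against a tenant's sign-in records before the policy is enforced. The following is an added example, not Forcepoint or Microsoft code: it models the access decision (block direct sign-ins from unmanaged devices, allow sign-ins that arrive through the SSE gateways) over constructed sign-in records. The gateway egress ranges are placeholders, and treating managed devices as allowed to sign in directly is an assumption this page does not state.

```python
"""Model of the conditional access decision described above (added example)."""
import ipaddress
from dataclasses import dataclass

# Constructed placeholder ranges standing in for the SSE gateway egress IPs.
# Assumption: the real ranges come from the Forcepoint tenant, not from this page.
SSE_GATEWAY_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:1::/48"),
]


@dataclass
class SignIn:
    user: str
    source_ip: str
    device_managed: bool
    target: str  # e.g. "login.microsoftonline.com"


def from_sse_gateway(source_ip: str) -> bool:
    """True when the sign-in reached Microsoft Entra ID via an SSE gateway."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in SSE_GATEWAY_RANGES)


def evaluate(signin: SignIn) -> tuple[str, str]:
    """Return (decision, reason) for one sign-in under the described policy."""
    if from_sse_gateway(signin.source_ip):
        return "allow", "arrived through the Forcepoint SSE reverse proxy gateway"
    if signin.device_managed:
        # Assumption: managed devices may sign in directly (the page only
        # states that unmanaged devices are blocked).
        return "allow", "managed device signing in directly"
    return "block", "unmanaged device connecting directly to " + signin.target


def review(signins: list[SignIn]) -> dict[str, list[str]]:
    """Group users by decision so an admin can confirm the expected outcomes."""
    result: dict[str, list[str]] = {"allow": [], "block": []}
    for s in signins:
        decision, _ = evaluate(s)
        result[decision].append(s.user)
    return result


# Constructed sign-in records covering the scenarios listed on the page.
SAMPLE_SIGNINS = [
    SignIn("alice", "198.51.100.7", False, "login.microsoftonline.com"),  # direct, unmanaged
    SignIn("bob", "203.0.113.42", False, "login.microsoftonline.com"),    # via SSE gateway
    SignIn("carol", "2001:db8:1::10", False, "myapps.microsoft.com"),     # via SSE gateway (IPv6)
    SignIn("dave", "198.51.100.9", True, "login.microsoftonline.com"),    # direct, managed
]

if __name__ == "__main__":
    for s in SAMPLE_SIGNINS:
        print(s.user, *evaluate(s))
```

Run it to see each constructed record classified; only "alice" (direct, unmanaged) is blocked.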
Configuring SSO between Microsoft 365 applications and Forcepoint Data Security Cloud | SSE when Microsoft Entra ID is configured as the IdP causes a login loop. This is because the application directs sign-in requests to Forcepoint Data Security Cloud | SSE, which relays the request to Microsoft Entra ID, which in turn checks the Microsoft 365 setup and sends the request back to Forcepoint Data Security Cloud | SSE. To avoid this loop, users connecting from unmanaged devices are prompted to sign in twice: first to access myapps.microsoft.com, and then again after clicking the Reverse Proxy application. If both authentications succeed, users can access Microsoft applications through the Forcepoint Data Security Cloud | SSE reverse proxy.