r/CloudFlare: ZeroTrust & O365

This article archives a conversation, which took place in a subreddit post (original source linked below) and to which I contributed a solution or answer (with the u/MasterofSynapse handle), in a Q&A format.

Original Reddit post: https://www.reddit.com/r/CloudFlare/comments/wlq5mf/zerotrust_o365/

Question

Does anyone have any instructions on how to add O365 to Zero Trust?

Thank you in advance

Answer

Can you tell me a bit about your use case? What Identity Provider are you looking to use with Cloudflare Access?

Do you want to protect other applications or O365 itself with CF Access?

In case of Azure AD as the IdP for Access to reach O365, you won't gain much as Azure AD already has some great security features and MFA built in, even in the cheapest licenses. And you would build a redundant login process since both Access and O365 would use the same credentials from the same directory.

Generally, I don't see the need to protect MS365 with CF Access as Zero Trust since most of the endpoints are open to the world outside your tenant anyways, so you don't really protect anything with ZT.

Comment 1 on Answer

I’m really just trying to add Office 365 to the app launcher, to make it easier for employees… they can log into a single website (Cloudflare Access) and access all of our company apps

Thank you for responding!

My response to comment 1

In that case, just go to the Zero Trust Admin Center at dash.teams.cloudflare.com, then Access > Applications. Add an application and then select Bookmark. That will do exactly what you want. For the application URL, please use https://portal.office.com