Tardy Cisco could confuse Office 365

If you run Office365 and a Cisco Web Security Appliance, it's time to pay attention to some small details.

iTnews offers that advice because Cisco has admitted, in a new field notice, that some of its web security appliances can’t currently understand Office365’s communications requirements.

Microsoft operates a global network to help Office365 reach the data centres where the suite stores data. Microsoft runs the network to ensure low latency and therefore a better user experience. And to make sure that security appliances aren't suspicious of its networks, Microsoft helpfully publishes all the URLs that Office365 targets.

Microsoft is not shy about this stuff. The company published a lengthy explanation of its efforts. And in April 2018 the company revealed that it had decided to change the format in which it publishes the list of URLs from XML and an RSS feed to JSON and a REST-based API.

“If you have automation that uses the XML format, you should update that to use the JSON format data,” Microsoft advised back in April.

The change kicked in on October 2.

But Cisco’s field notice reveals the networking giant missed Microsoft’s deadline.

The result is that some Cisco web security appliances running AsyncOS can’t ingest the new feed and won’t update themselves to allow access to any new URLs.

So if Microsoft replaces or re-names resources on its global network, some Cisco and Office365 users many experience degraded performance. 

Cisco’s described a workaround in its field notice, involving a PowerShell script and some manual work. It’s also advised that AsyncOS 10.5.3, due the end of October, and AsyncOS 11.7, due by the end of 2018, will add support for the new REST API and JSON feed.

At which point an upgrade will be required, on top of this workaround. And any affected users will wonder why it took Cisco couldn't deliver in six months.