Hello all,

Long time no posts, so I decided to add another one ;).
Recently I’ve got complains from one company that they cannot access their Microsoft Office 365 environment, whenever they opened Internet Explorer or Google Chrome and tried to access https://login.microsoftonline.com/ the blank page was shown, however HTTPS sign in a browser was also seen meaning that secure connection was in fact established, but no content downloaded. Considering that the only common point between all users is a firewall and it has content inspection features – first step to look into were firewall logs.
Upon looking into a firewall logs I found these wonderful messages:

It appeared that BrightCloud  – the source for threats/malware information used by Meraki has marked IP address 104.74.28.236 as suspicious:
However it is one of the Akamai CDN hosts and I can assume that it is one of the dynamically deployed hosts, and it is used by Microsoft Office 365 now. Potentially, it creates problems all around APAC region.
Strangely enough, but placing domain secure.aadcdn.microsoftonline-p.com to a whitelist did not resolve the issue. Cisco TAC advised to update firmware of the firewall to a beta version(saying that there were some improvements made) or remove Malware Sites from the filtered categories referring to the fact that users are still being protected with AMP feature of firewall. Well done Cisco! Instead of acting on the BrightCloud side they advise customers to disable URL filtering for Malware Sites, or upgrade to a beta version which of course called beta because it is not production ready!
At the moment customer has to rely on the Cisco’s promise that end user stations are still protected by AMP feature, I had to remove Malware Sites category from URL filtering setup to bring Microsoft Office 365 back to work.
Hope it could be useful to others.