search cancel

Solution recommendations for the web access, for Microsoft SharePoint, OneDrive, and Power bi

book

Article ID: 227437

calendar_today

Updated On:

Products

ProxySG Software - SGOS ISG Proxy

Issue/Introduction

Solution recommendations for the web access, for Microsoft SharePoint, OneDrive, and Power bi

Resolution

For the web access, for Microsoft SharePoint, OneDrive, and Power bi, please see the required solution recommendations below.

SharePoint:

  • How the Microsoft SharePoint Server is deployed (HTTP or HTTPS). Symantec recommends reviewing the
    Microsoft Support website in the first instance.
  • The SharePoint server is setup for NTLM authentication. NTLM authentication is designed to take place between the client and server (point-to-point protocol) with no intermediary terminating device, such as a proxy. If the SharePoint server supports both NTLM and BASIC authentication, then the browser can still successfully
    authenticate while proxied using BASIC authentication.

If your authentication mode does not work or you receive error mentioned above, you must adjust the configuration to
authenticate the user with a different mode. Use the Proxy IP authentication mode instead of the Proxy authentication
mode. This example does not bypass authentication.

  • Proxy: The ProxySG appliance uses an explicit proxy challenge. No surrogate credentials are used. This is the
    typical mode for an authenticating explicit proxy. In some situations, proxy challenges do not work; origin
    challenges are then issued.
  • Proxy-IP: The ProxySG appliance uses an explicit proxy challenge and the client's IP address as a surrogate
    credential: Proxy IP could possibly specify an insecure forward proxy.

Ref. doc.: https://support.symantec.com/en_US/article.TECH242539.html 

1. Access ProxySG appliance Management Console.
2. Launch the VPM (Configuration > Policy > Visual Policy Manager tab; click Launch).

3. Select a Web Authentication Layer. Add a new rule above the current authentication rule that is causing auth issue 
(SharePoint destinations).
4. Specify the destination
    a. Right-click the Destination column and select Set; the VPM displays the Set Destination object.
    b. Select New > Destination Host/Port.

    c. Enter the SharePoint server Host and Port.; click Add.
    d. Click OK to add the object.

5. Change the mode to Proxy IP.

Ref. doc.: https://knowledge.broadcom.com/external/article?articleId=168247

OneDrive:

If you are using authenticated proxies, it is not supported in OneDrive.

Ref. doc. https://support.microsoft.com/en-us/office/restrictions-and-limitations-in-onedrive-and-sharepoint-64883a5d-228e-48f5-b3d2-eb39e07630fa?ui=en-us&rs=en-us&ad=us#authenticatedproxies

Connecting through a Proxy with Power bi Desktop:

Note

Web requests issued by Power BI Desktop do not use web proxy credentials. In networks that use a proxy server, Power BI Desktop may not be able to successfully make web requests.

System or network administrators can allow the use of default system credentials for web proxy authentication. Administrators can create a registry entry called UseDefaultCredentialsForProxy, and set the value to one (1) to enable the use of default system credentials for web proxy authentication.

The registry entry can be placed in either of the following locations:

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Microsoft Power BI Desktop] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Power BI Desktop]

It is not necessary to have the registry entry in both locations.

Registry key for using default system credentials

Once the registry entry is created (a reboot may be necessary) the proxy settings defined in Internet Explorer are used when Power BI Desktop makes web requests.

As with any change to proxy or credential settings, there are security implications to creating this registry entry, so administrators must make sure they have configured the Internet Explorer proxies correctly before enabling this feature.

Considerations and limitations:

There are a collection of security implications that administrators should consider before enabling this capability.

The following recommendations should be followed whenever enabling this feature for clients:

  • Only use Negotiation as the authentication scheme on the for the proxy server, to ensure only proxy servers that are joined to the Active Directory network are used by the client.
  • Do not use NTLM fallback on clients that use this feature.
  • If users are not on a network with a proxy when this feature is enabled and configured as recommended in this section, the process of attempting to contact the proxy server and using default system credentials is not used.
  • Power BI Desktop is not proxy-aware, and thus proxy mechanisms including Azure Application Proxy and other proxy services, will not work properly with Power BI Desktop

Additional Refs.: 

https://community.snowflake.com/s/article/Connecting-through-a-proxy-with-PowerBI-Desktop

https://docs.microsoft.com/en-us/power-bi/connect-data/desktop-troubleshooting-sign-in