Support Center > Search Results > SecureKnowledge Details
Configuring an Office 365 Capsule Workspace Account Technical Level

The following instructions allow Check Point Capsule Workspace mobile app to connect to an Office 365 account's Web services via a Mobile Access gateway.


  • Recommended: A local Microsoft Active Directory server.

  • If the customer is NOT using an Microsoft Active Directory, it will work with the internal users, as well.

  • A Management Server R77.20, R77.30, or R80.10 and above.

  • A Mobile Access gateway R77.20, R77.30, R80.10 and above with access to the AD server and the Internet.

  • A mobile device with Capsule Workspace app installed.

  • Access to SmartDashboard R77.20 / R77.30, SmartConsole R80.10 and above and GuiDBedit Tool.



  1. Unless you already have a valid Office 365 account: On the Web, configure an Office 365 Business Premium Trial account.

  2. On the AD server, configure a user with the same settings as the ones used for the Office 365 account:

    1. The username and password must be identical.

    2. The account's 'E-mail' field must be in the form of:

      (According to the username and domain name specified in the Office 365 account)

    Alternatively, configure an internal user whose username is in the form of:
  3. If an AD server is used, then:

    • Management Server R77.30 requires the R77.30 Management Add-on to be installed and enabled
    • For Management Server R80.x, no plugins needed.
  4. In SmartDashboard / SmartConsole, configure a Capsule Workspace Mail application (in in SmartDashboard R77.20, it is called "Secure Container Mail"):

    1. In the 'General' -> 'Exchange' Server field, type:
      and leave the default port (443) as is.

    2. On the 'Exchange Access' tab, make sure the box 'Use encryption' is checked.

    3. Check the 'Use specific domain' setting, and configure the domain specified in the Office 365 account.


      Note: the dialog part of the SSO settings remains as default.
  5. If a local AD is used for authentication, then create an LDAP Account Unit and configure the AD server as the Account Unit's LDAP Server.

    Proceed to create an LDAP user group for the newly-created LDAP Account Unit.
    If a local user is used, then create a local user group instead.

  6. On the Mobile Access 'Policy' page, allow the user group created above access to the newly-configured Secure Container Mail application.

  7. Save your settings and close SmartDashboard / SmartConsole.

  8. Connect with GuiDBedit Tool to Security Management Server / Domain Management Server.

  9. Locate the Secure Container Mail application object.

  10. It its settings, change the 'authentication_method' to Basic.

  11. If an AD server is used, then modify the SSO format of the same object to 'email' syntax ($$user@$$domain) according to the instructions in the Mobile Access Administration Guide (R77.X, R80.10, R80.20, R80.30).
    Note: If the attributes mentioned in the instructions are missing, then something went wrong in Step (3).

  12. Save your settings, and close the GuiDBedit Tool.

  13. Reconnect with SmartDashboard / SmartConsole, and install the policy.

  14. Configure the Mobile Access gateway as a "Site" in the Capsule Workspace app, and authenticate as the Office 365 user.
    The Office 365's mail content appears under the 'Inbox' icon.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document