diff --git a/resources/oceanbox-cluster/network-policies/allow-microsoft-oidc-login.yaml b/resources/oceanbox-cluster/network-policies/allow-microsoft-oidc-login.yaml
new file mode 100644
index 00000000..d53abc01
--- /dev/null
+++ b/resources/oceanbox-cluster/network-policies/allow-microsoft-oidc-login.yaml
@@ -0,0 +1,10 @@
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+  name: allow-microsoft-oidc-login
+spec:
+  endpointSelector: {}
+  egress:
+  - toFQDNs:
+    - matchName: login.microsoftonline.com
+    - matchPattern: '*.microsoftonline.com'