When the ProxySG or Advanced Secure Gateway appliance accesses Microsoft Lync, it prompts Lync for authentication.
 

Microsoft Lync does not work well with NTLM authentication challenges from the ProxySG or Advanced Secure Gateway appliance.
 

Implement the following CPL rules to bypass authentication for Microsoft Lync related domains:

<Proxy> 
condition=lync_login authenticate(no) Allow 

define condition lync_login 
url.domain=company_domain.com    -- change based on case by case basi
url.domain=infra.lync.com 
url.domain=edge.messenger.live.com 
url.domain=outlook.office365.com 
end    

Note: The above rule example turns off authentication and also allows requests to the domains in the lync_login condition.  If requests for Lync are allowed/blocked within different points in policy then the 'Allow' portion of the CPL example above can be removed.