Forensic reports show 'No user' instead of the username.
Web Security Service
'No user' shows up in logs because SSL interception is disabled.
Enable SSL interception in the web portal.
If the users access a site that is added to Trusted Destinations list, that would mean that the Trusted Destination rule is disabling authentication and categorization for those web apps, domains and IPs. In other words, the WSS won't assign a category to those destinations and it won't ask for credentials to allow access.
Removing the sites from the Trusted Destination list will allow SSL interception.