Unable to download applications from the Microsoft Store when using the Cloud SWG (formerly known as WSS).

winget install <product> --scope user --accept-package-agreements --verbose-logs
Failed when searching source: msstore
An unexpected error occurred while executing the command:
0x8a15005e : The server certificate did not match any of the expected values.

Windows OS

Cloud SWG (formerly known as WSS)

The Microsoft Store and the Microsoft web servers are doing certificate pinning.

You will need to add the following domains to your SSL exemption policy within the Cloud SWG Portal (Formerly WSS Portal) under Policy >  Secure Web Gateway > TLS/SSL Interception Policy and set the policy to Do Not Intercept.

mp.microsoft.com
store-images.microsoft.com
slscr.update.microsoft.com

These domains can also be bypassed from the Cloud SWG Portal by going to Connectivity > Bypass Sites Domains > Add Domains. Applies to traffic from the WSS Agent and is available in PAC files for SEP endpoints and Explicit Proxy locations.

If you are using other access methods such as IPsec or Proxy forwarding, you will need to apply the bypass via the firewall or the on-premise proxy appliance.

Note:

The list of domains is subject to change, contact the vendor to provide an updated list of domains.

If you are using Universal Policy Enforcement (UPE), the Management Center administrator will need to update their current SSL interception policy and push the new exemption to the Cloud SWG (formerly known as WSS)SWSW enforcement domain.