search cancel

Error when downloading applications from the Microsoft Store

book

Article ID: 202647

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Unable to download applications from the Microsoft Store when using the Web Security Service. 

Environment

Windows OS

Web Security Service

Cause

The Microsoft Store and the Microsoft web servers are doing certificate pinning.

Resolution

You will need to add the following domains to your SSL exemption policy within the WSS Portal under Policy >  Secure Web Gateway > TLS/SSL Interception Policy and set the policy to Do Not Intercept.

mp.microsoft.com
storeedgefd.dsx.mp.microsoft.com
storeedgefd.dsx.mp.microsoft.com.edgekey.net
storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net
storeedgefd.xbetservices.akadns.net
e16646.dscg.akamaiedge.net
store-images.microsoft.com
store-images.microsoft.com-c.edgekey.net
store-images.microsoft.com-c.edgekey.net.globalredir.akadns.net
e12564.dspg.akamaiedge.ne
slscr.update.microsoft.com
slscr.update.microsoft.com.akadns.net
sls.update.microsoft.com.akadns.net
sls.row.update.microsoft.com.akadns.net

These domains can also be bypass from the Web Security Server by going to Service Mode >  Network >  Bypass Sites Domains > Add Domains. Applies to traffic from the WSS Agent and is available in PAC files for SEP endpoints and Explicit Proxy locations.

If you are using other access methods such as IPsec or Proxy forwarding, you will need to apply the bypass via the firewall or the on-premise proxy appliance.

Note:

The list of domains is subject to change, contact the vendor to provide an updated list of domains.

If you are using Universal Policy Enforcement (UPE), the Management Center administrator will need to update their current SSL interception policy and push the new exemption to the WSS enforcement domain.