Unable to download applications from the Microsoft Store when using the Web Security Service.
Web Security Service
The Microsoft Store and the Microsoft web servers are doing certificate pinning.
You will need to add the following domains to your SSL exemption policy within the WSS Portal under Policy > Secure Web Gateway > TLS/SSL Interception Policy and set the policy to Do Not Intercept.
These domains can also be bypass from the Web Security Server by going to Service Mode > Network > Bypass Sites Domains > Add Domains. Applies to traffic from the WSS Agent and is available in PAC files for SEP endpoints and Explicit Proxy locations.
If you are using other access methods such as IPsec or Proxy forwarding, you will need to apply the bypass via the firewall or the on-premise proxy appliance.
The list of domains is subject to change, contact the vendor to provide an updated list of domains.
If you are using Universal Policy Enforcement (UPE), the Management Center administrator will need to update their current SSL interception policy and push the new exemption to the WSS enforcement domain.