The customer has allowed the MS services domains for HTTPS traffic, but the services are still not working on the client for Azure Cloud Active Directory and OneDrive.
Policy set up:
List of domains:
Release: 6.7.4.14
The HTTP/HTTPS 1.1 CONNECT method was not allowed for the Microsoft services.
Rules for HTTP/HTTPS HTTP1.1 CONNECT for the MS services were applied on the ProxySG.
When the service was changed to the protocol method HTTP/HTTPS with HTTP1.1 tcp-connect, the services were able to communicate with the Microsoft server.
Forcing the HTTP/HTTPS 1.1 CONNECT method to use only port 443 via CPL (no port 80 allowed):
<proxy>
client.address=<CLIENT IP> http.method=CONNECT url.host=admin.na.aadrm.com url.port=443 ALLOW
client.address=<CLIENT IP> http.method=CONNECT url.host=aka.ms url.port=443 ALLOW
client.address=<CLIENT IP> http.method=CONNECT url.host=api.aadrm.com url.port=443 ALLOW
client.address=<CLIENT IP> http.method=CONNECT url.host=dataservice.protection.outlook.com url.port=443 ALLOW
client.address=<CLIENT IP> http.method=CONNECT url.host=ipv6.msftconnecttest.com url.port=443 ALLOW
client.address=<CLIENT IP> http.method=CONNECT url.host=config.edge.skype.com url.port=443 ALLOW
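An added example, not part of the original article and not ProxySG tooling: a small Python check that reads CPL rules written like the ones above and reports any ALLOW rule for CONNECT that is not pinned to a host and to port 443. The function names and the two weak sample rules are constructed for illustration, and the parser assumes simple single-line `key=value ... ACTION` rules only.

```python
import re

# Constructed sample: two rules from the article plus two deliberately weak
# variants (not from the article) so the checker has something to flag.
SAMPLE_CPL = """\
<proxy>
client.address=<CLIENT IP> http.method=CONNECT url.host=aka.ms url.port=443 ALLOW
client.address=<CLIENT IP> http.method=CONNECT url.host=api.aadrm.com url.port=443 ALLOW
client.address=<CLIENT IP> http.method=CONNECT url.host=aka.ms ALLOW
client.address=<CLIENT IP> http.method=CONNECT url.host=aka.ms url.port=80 ALLOW
"""

# key=value conditions; the value may be a <PLACEHOLDER> that contains spaces.
COND = re.compile(r"([\w.]+)=(<[^>]*>|\S+)")

def parse_rules(cpl_text):
    """Return (line_no, conditions dict, action) for each rule line."""
    rules = []
    for no, line in enumerate(cpl_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(";") or re.fullmatch(r"<[\w ]+>", line):
            continue  # blank line, CPL comment, or layer header such as <proxy>
        conds = {k.lower(): v for k, v in COND.findall(line)}
        rest = COND.sub("", line).split()  # what is left is the action keyword
        rules.append((no, conds, rest[-1].upper() if rest else ""))
    return rules

def audit_connect_rules(cpl_text):
    """Flag ALLOW rules for CONNECT that are not pinned to a host and port 443."""
    findings = []
    for no, conds, action in parse_rules(cpl_text):
        if action != "ALLOW" or conds.get("http.method", "").upper() != "CONNECT":
            continue
        if "url.host" not in conds:
            findings.append((no, "no url.host: tunnel allowed to any host"))
        port = conds.get("url.port")
        if port is None:
            findings.append((no, "no url.port: tunnel allowed to any port"))
        elif port != "443":
            findings.append((no, f"url.port={port}: expected 443"))
    return findings

if __name__ == "__main__":
    for no, msg in audit_connect_rules(SAMPLE_CPL):
        print(f"line {no}: {msg}")
```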