"Failed to install" message trying to install application from MS store
Article ID: 406026
Updated On:
Products
Issue/Introduction
Users accessing internet sites via Cloud SWG using WSS Agents.
Users reports being unable to install applications from the Microsoft Store using the company portal, getting the following error below:
Applied the changes documented in another KB article reporting the issue, but without any change in behaviour.
Environment
WSS Agent.
Microsoft store applications.
CASB enabled.
Cause
CASB enabled for the microsoft.com domain which prevented SSL interception disabling needed to workaround the issue.
Microsoft store client has certificate pinning enabled.
Resolution
Disabled custom CASB application referencing the microsoft.com top level domains.
In the above case, CASB admin had created a custom CASB application that referenced microsoft.com and disabled it. This disabled SSL interception for the Microsoft store domains.
Additional Information
Disabling SSL interception per the above KB did not resolve the issue, and more importantly the SSL interception was visible in Symdiag PCAPs after making the change.
Digging into the policy showed CASB was enabled, including a number of Microsoft gatelets.
The Microsoft gatelets are very specific to certain Microsoft domains and should not have impacted all, yet all requests for microsoft.com were going into CASB and being SSL intercepted (requirement for CASB).
Feedback
