Delivery TCP Monitoring shows Connectivity Loss when Microsoft Global Secure Access is enabled, even though TCP/443 is reachable via PowerShell TNC.
ERROR MESSAGE: "Connectivity Loss"
SYMPTOMS:
Delivery TCP monitoring fails
Experience web path remains functional
Disabling GSA restores connection
CONTEXT: Occurs when monitoring single-ended Delivery paths with GSA enabled.
IMPACT: Administrators cannot accurately monitor TCP delivery paths.
The client only tunnels traffic sent using sockets. It doesn't tunnel traffic injected to the network stack using a driver (for example, some of the traffic generated by Network Mapper (Nmap)). Injected packets go directly to the network.
There is currently no resolution for this, as it is a known limitation of GSA with packet injection:
https://learn.microsoft.com/en-us/entra/global-secure-access/reference-current-known-limitations?tabs=windows-client#packet-injection