If you prefer Cloud Edge to scan the encrypted Office 365 traffic, you need to enable Cloud Edge HTTPS scanning and properly import the Cloud Edge certificate into the client computers' trusted root CA store in order to provide the best user experience.
The detailed Cloud Edge configuration is described in the following scenarios:
When HTTPS Inspection is disabled
Cloud Edge will bypass Office 365 traffic since HTTPS scanning is disabled by default. Users should be able to access Office 365 applications without any issues.
When HTTPS Inspection is enabled
Most Office 365 URLs belong to the URL category Computers/Internet under the General category. By default, this category is checked in the URL Category Exceptions list, so HTTPS decryption/scanning is bypassed.
- To exempt all URLs under the Computers/Internet category, uncheck it from the URL Category Exceptions list. However, the trusted Office 365 domains must be added to the global Approved List to bypass HTTPS decryption/scanning:
  - *.office.com/*
  - *.microsoftonline.com/*
  - *.msftauth.net/*
  - *.msauth.net/*
  - *.office365.com/*
  - *.microsoft.com/*
  - *.skype.com/*
  - *.msocdn.com/*
  - *.msedge.net/*
  - *.sharepoint.com/*
  - *.officeapps.live.com/*
  - *.svc.ms/*
  - *.office.net/*
  - *.sharepointonline.com/*
  - login.windows.net/*
  - owassets.azureedge.net/*
  - spoprod-a.akamaihd.net/*
- To decrypt and scan the Office 365 traffic, enable HTTPS scanning and uncheck Computers/Internet from the Exceptions list. To make SSL decryption work smoothly, install the self-signed Cloud Edge certificate on the client computers.
Afterwards, Office 365 traffic from these client computers can be decrypted and the content scanned by Cloud Edge smoothly.
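One way to carry out the certificate installation step on a Windows client, shown as an added example that is not part of the original article or the vendor's tooling: it checks the exported certificate against a thumbprint obtained out of band before adding it to the machine's trusted root store. The file path and the expected thumbprint are placeholders (assumptions), and the session must be elevated.

```powershell
# Assumptions (not from the original article): the Cloud Edge CA certificate
# has been exported to the path below, and its thumbprint was obtained
# separately from the appliance administrator. Both values are placeholders.
$CertPath           = 'C:\Temp\CloudEdgeCA.cer'                # placeholder path
$ExpectedThumbprint = '<THUMBPRINT-OBTAINED-OUT-OF-BAND>'      # placeholder value
$Store              = 'Cert:\LocalMachine\Root'

# Load the file for inspection; nothing is trusted at this point.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# 1. Refuse to trust a file whose thumbprint differs from the verified one.
#    Spaces and colons are stripped so a copied value compares cleanly.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}

# 2. Sanity checks: validity period, and whether the certificate is flagged as a CA.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period (expires $($cert.NotAfter))."
}
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not ($bc -and $bc.CertificateAuthority)) {
    Write-Warning 'Certificate does not carry basicConstraints CA=TRUE.'
}

# 3. Import into the machine-wide trusted root store only if it is not already present.
if (-not (Get-ChildItem $Store | Where-Object Thumbprint -eq $cert.Thumbprint)) {
    Import-Certificate -FilePath $CertPath -CertStoreLocation $Store | Out-Null
}

# 4. Show what is now trusted so the change can be recorded.
Get-ChildItem $Store |
    Where-Object Thumbprint -eq $cert.Thumbprint |
    Select-Object Subject, Thumbprint, NotAfter
```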