Authenticating a Service/Server running under AD Credentials (WinHTTP? Any suggestions)

Our organization is moving from Bluecoat to Zscaler and we have a number of applications running on Windows 2016/2019 servers that cannot authenticate to Zscaler and Azure AD. There are no options in these relatively modern applications to authenticate the way Zscaler seems to require (using SSO with Azure AD).

Applications like Dell Boomi run an on-prem service via an AD account that executes in a Java Virtual Machine. Oracle supports proxy authentication and it works fine with our on-prem Bluecoat, but we can only get it online with Zscaler with No-Auth rules, which is not acceptable based on our Security Standards.

I understand Zscaler uses WinInet but that is for interactive desktop applications. My last resort has been to look at whether WinHTTP can authenticate to our Zscaler proxy services.

The service account the application runs under is part of AD and Azure AD, and the UPN is username@azureaddomain.com. I have tried importing the WinInet proxy settings (DNS name of our Zscaler proxy and port 80), but I wonder if there are additional settings to post authentication to Zscaler Azure AD accounts.

Any advice is appreciated. I can’t imagine Zscaler can’t do what our aging Bluecoat environment can. There are hundreds of applications being moved as part of a major divestiture and we will be cut off from Bluecoat soon.