I am planning to reactivate office 365 SSL inspection for one of my customer.
At the moment, Microsoft Recommended on click AND Office 365 Oneclick configurations are both activated. Consequently, there is no SSL inspection for most of Office 365 apps (except some which are linked to the Default office 365 category). In addition, some Urls have been manually whitelisted within SSL Inspection exemptions.
As these configurations are tenant wide, and to be able to activate step-by-step with the less impact for endusers, we have manually configured all office 365 apps within an SSL Exception policy where we will unwhitelist them by groupe of 4/5 (from less used to more critical) after SSL been reactivated.
With that said, I am still confused about the potential impacts on an SSL reactivation and actually the best (and complete) method to implement it.
From the documentation (About Microsoft One Click Options | Zscaler), it appears Microsoft Recommended and O365 OneClick can be both used to exclude Office 365 apps from SSL inspection, where MS recommended come with additional DNS/routing/mapping optimizations.
Do I need to turn them off both to reactivate the inspection ? Can I only turn off MS Recommended and stay with O365 OneClick as it is appears (still in this doc) only web-based Office 365 app will be decrypted ? Without network optimization, what could be the impact from enduser experience point of view ?
Hope it’s clear, and thanks in advance for your help.