Best method to SSL inspect Office 365 flows

Hello guys,

I am planning to reactivate Office 365 SSL inspection for one of my customers.

At the moment, the Microsoft Recommended One Click AND Office 365 OneClick configurations are both activated. Consequently, there is no SSL inspection for most Office 365 apps (except some which are linked to the Default Office 365 category). In addition, some URLs have been manually whitelisted within the SSL Inspection exemptions.

As these configurations are tenant-wide, and to be able to activate step by step with the least impact for end users, we have manually configured all Office 365 apps within an SSL Exception policy, where we will unwhitelist them in groups of 4/5 (from less used to more critical) after SSL has been reactivated.

With that said, I am still confused about the potential impacts of an SSL reactivation and what is actually the best (and complete) method to implement it.

From the documentation (About Microsoft One Click Options | Zscaler), it appears Microsoft Recommended and O365 OneClick can both be used to exclude Office 365 apps from SSL inspection, where MS Recommended comes with additional DNS/routing/mapping optimizations.

Do I need to turn them both off to reactivate the inspection? Can I only turn off MS Recommended and stay with O365 OneClick, as it appears (still in this doc) that only web-based Office 365 apps will be decrypted? Without network optimization, what could be the impact from an end-user experience point of view?

Hope it’s clear, and thanks in advance for your help.

Best

Pierre

Hi PierreC, for your question on inspection of MS traffic, what you can do is turn off “Enable Microsoft-Recommended One Click Office 365 Configuration” and turn off “Enable Office 365 One Click Configuration”; then inspection will take place from there.

Definitely, once that's turned off, traffic will always be inspected, and traffic to O365/MS might be slightly delayed or even, in some cases, have intermittent connections, since the best practice for this traffic is not to be inspected.

Hope it helps to clarify.