Bypassing Zscaler for all Microsoft Traffic

Hello Everyone!

We have rolled out the ZIA App to our organization - but we have felt some issues with the o365 One Click - The main bug being intermittent silent calls when using MS Teams Enterprise Voice. As a test, we assigned some test users their own app profile, and bypassed everything Microsoft related from https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

This has had a positive affect and vastly reduced the silent calls.

Mgmt have decided they want to roll out o365 bypassing to everyone - is there a clean or recommended way to achieve this? An api maybe?

Many Thanks,
Chris

2 Likes

Following this one, I recently told my SE the same thing…

We use minemeld to do this in a different product. Wonder if that’s possible in zscaler possibly via API and a csv.

Hey Chris,

how did you bypass all the URLs? By VPN bypass in app-profile settings or via pac-file-exceptions?
Thanks!

BR
Manuel

Hi Manuel,

VPN bypass on the in-app profile settings. I don’t think its advisable to use this method for all required bypasses, as there is a character limit.

I’ve logged it with support as well - they said this is the only way to do it.

Zscaler support say no unfortunately…

Yep, that is the answer I was afraid of. The maintenance of this list is quite cumbersome.
But nevertheless thanks!

I’ll leave this here… we are testing it… " we have seen some users who see better Teams performance when bypassing only the Teams media traffic (UDP). So, in the event that you are seeing Teams performance issues for Zscaler Client users, the latest recommendation is to bypass only the three IP CIDR blocks for Teams UDP traffic (listed as Optimize required on Microsoft’s list). You should use ZTunnel 2.0 and add those CIDR blocks to the destination route exclusion list for 2.0 in the app profile."

1 Like

This is the solution for the time being, @Naresh_Kumar_PM is working on some simplifications