Help with Azure tenant profile

We are evaluating Zscaler and trying to test Azure (and later Google) tenant restrictions.

I have created the tenant profile but don’t see any restrictions in place.

Is there another step? Do we need to avoid the “recommended” One Click option in order to have the Microsoft login requests decrypted?

You should use your tenant restriction profile into the Cloud App Control Policy.
If you’re using Microsoft Tenant restriction it should apply SSL scanning for the login URL only, you should not worry about one click.

Regards, Charles

Thank you. Once I applied that tenant profile to a cloud app policy for IT Services/Microsoft Logon it all started to work. I was missing the policy for IT Services.