We are evaluating Zscaler and trying to test Azure (and later Google) tenant restrictions.
I have created the tenant profile but don’t see any restrictions in place.
Is there another step? Do we need to avoid the “recommended” One Click option in order to have the Microsoft login requests decrypted?
You should use your tenant restriction profile into the Cloud App Control Policy.
If you’re using Microsoft Tenant restriction it should apply SSL scanning for the login URL only, you should not worry about one click.
Regards, Charles
Thank you. Once I applied that tenant profile to a cloud app policy for IT Services/Microsoft Logon it all started to work. I was missing the policy for IT Services.
Copyright 2008-2020 Zscaler™, Inc.Zscaler™, SHIFT™, Direct-to-Cloud™, ZPA™, and The Cloud-First Architect™ are trademarks or registered trademarks of Zscaler, Inc.in the United States and/or other countries. All other trademarks are the property of their respective owners.