We are looking into securing outgoing internet traffic from workloads running in Azure using ZScaler Internet Access. The intention was to use ZScaler as a trusted security partner on the Azure Firewall Manager (https://docs.microsoft.com/en-us/azure/firewall-manager/trusted-security-partners). The workload that should be secured is not user driven traffic (VDI or the like), but rather coming from a number of PaaS services, among others
- Azure Functions
- Data Factory
- Logic Apps
The questions is, whether is possible to get SSL inspection on the traffic coming from these PaaS services, when we are not able to control the certificate root trust on these services?