Whitelist and Blacklist category issue


I have added “portal.msrc.microsoft.com” this url in the custom category then added the group but unfortunately still user getting block.

  1. First Scenario
    I have added the specific user which was part that group, It is working. Then i again removed the user then I update the Zscaler Policy deleted browser cache memory as well.
    Still user was getting Block page.

2.Second Scenario
then I made this changes “.portal.msrc.microsoft.com” its got fix.

Would you all please elaborate this and what is the best recommendation?


usually, I always use the “.” wildcard, to avoid issues like www.foo.bar vs. foo.bar.

For whitelists, I almost always use “custom category”. Only for “SSL-bypasses” and similar I use “retain parent category”.

Always check the logs why something is blocked, this can help if a URL is assigned to more than one category and also helps to identify if there is an issues with the rule order or “cloud app policy” order.
In the logs you can also see, if the user is correctly authenticated, which should always be the case, if you use Client connector.

Best regards