Zscaler connector winhttp and defender


We are facing an implementation issue and are seeking some advice.
We are currently deploying some security software (Defender, Intune / Win10), and we would like their respective services to be able to talk to the Defender server and Intune server regardless of whether a user is logged in or not.

We have Zscaler Connector, and the services will use the WinHTTP proxy in system context to communicate with the Microsoft server.

We are thinking about setting the WinHTTP proxy to localhost:9000, but we fear that it will be unreachable when no user is logged in, so the Defender services and Intune services will be unavailable without reaching the MS endpoints.

We faced another issue, where ideally we would like to have the WinHTTP proxy set to while on a trusted site, and the WinHTTP proxy set to while off site.

Have you faced this kind of issue? If so, what best practices did you implement?

All opinions would be welcome…
(I have a support ticket open, but for the moment no real answer.)