Zscaler connector winhttp and defender


We are facing an implementation issue and we are seeking some advice.
We are currently deploying some security software (Defender, Intune / Win10) and we would like their respective services to be able to talk to the Defender server and the Intune server regardless of whether a user is logged in or not.

We have Zscaler Connector, and the services will use the WinHTTP proxy in the system context to communicate with the Microsoft servers.

We are thinking about setting the WinHTTP proxy to localhost:9000, but we fear that it will be unreachable when no user is logged in, so the Defender services and Intune services will be unable to reach the MS endpoints.

We faced another issue where ideally we would like to have the WinHTTP proxy set to while on a trusted site, and the WinHTTP proxy set to while off site.

Have you faced this kind of issue? If so, what best practices did you implement?

All opinions would be welcome…
(I have a support ticket open, but for the moment no real answer.)


@sperson, did you get any fix for this? We have the same issue: deploying Defender on VDI with a Zscaler connector.

We have a .pac file on the desktop machines for user traffic, but because Defender uses SYSTEM/LocalSystem traffic, it doesn’t appear to work. I have exhausted the MS documentation that involves configuring a WinHTTP proxy on the system (doesn’t work) and setting the ‘Connected User Experience and Telemetry’ and ‘Disable Authenticated Proxy’ usage; these are the two options for registry-based proxy configuration covered under ‘Network requirements’ for Defender. We have not had any response from Zscaler on how their appliances handle local system traffic (which is unauthenticated, I assume).
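Both posts come down to the same question: which proxy path does a LocalSystem service actually use, and is the local connector listener still there when nobody is logged in? The following PowerShell audit is an added example, not code from either poster or from Zscaler or Microsoft. It reads the three machine-wide settings the thread mentions (the WinHTTP proxy, and the `TelemetryProxyServer` / `DisableEnterpriseAuthProxy` policy values under `HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection` that the Defender network-requirements page documents), checks whether anything is listening on the connector port, and attempts one request through `localhost:9000` explicitly. The port 9000 comes from the first post; `-TestUrl` is a placeholder and should be replaced with an endpoint from Microsoft's published Defender/Intune URL list.

```powershell
# Added example (not from the thread): audit the machine-wide proxy paths that
# system-context services rely on, so the "no user logged in" case can be
# checked before rollout rather than discovered afterwards.
# Assumptions: local Zscaler listener on localhost:9000 (from the post);
# -TestUrl is a placeholder, replace with a documented Defender/Intune endpoint.
#
# To set the WinHTTP proxy machine-wide (what LocalSystem services read):
#   netsh winhttp set proxy proxy-server="localhost:9000" bypass-list="<local>"

function Get-SystemProxyState {
    param(
        [int]$ConnectorPort = 9000,
        [string]$TestUrl = 'https://www.microsoft.com/'   # placeholder endpoint
    )

    # 1. WinHTTP proxy, the setting services running as SYSTEM use.
    $winhttp = (netsh winhttp show proxy) -join "`n"

    # 2. Policy values read by the 'Connected User Experiences and Telemetry'
    #    service: TelemetryProxyServer (host:port) and DisableEnterpriseAuthProxy
    #    (1 = do not rely on the logged-in user's authenticated proxy).
    $dcPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
    $dc = Get-ItemProperty -Path $dcPath -ErrorAction SilentlyContinue

    # 3. Is the connector port actually listening in this context/session?
    $listener = Get-NetTCPConnection -LocalPort $ConnectorPort -State Listen `
                    -ErrorAction SilentlyContinue

    # 4. One request through the local connector, independent of any user profile.
    $reachable = $false
    $failure   = $null
    try {
        $r = Invoke-WebRequest -Uri $TestUrl -Proxy "http://localhost:$ConnectorPort" `
                               -UseBasicParsing -TimeoutSec 15
        $reachable = ($r.StatusCode -ge 200 -and $r.StatusCode -lt 400)
    } catch {
        $failure = $_.Exception.Message
    }

    [pscustomobject]@{
        RunningAs                     = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        WinHttpProxy                  = $winhttp.Trim()
        TelemetryProxyServer          = $dc.TelemetryProxyServer
        DisableEnterpriseAuthProxy    = $dc.DisableEnterpriseAuthProxy
        ConnectorListening            = [bool]$listener
        ConnectorListenerPids         = ($listener | Select-Object -ExpandProperty OwningProcess -Unique) -join ','
        EndpointReachableViaConnector = $reachable
        Failure                       = $failure
    }
}

Get-SystemProxyState | Format-List
```

Run it twice: once from an interactive session and once as SYSTEM with no user logged in (a scheduled task running as SYSTEM, or Sysinternals `PsExec -s`, both give that context). If `ConnectorListening` or `EndpointReachableViaConnector` flips between the two runs, the listener is tied to the user session and a WinHTTP proxy of `localhost:9000` will fail exactly in the scenario the first post worries about; if `RunningAs` shows `NT AUTHORITY\SYSTEM` and the request succeeds, the registry and WinHTTP settings above are sufficient and the remaining work is only the on-site/off-site split.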