We have recently enabled conditional access in Entra and ran into a problem.  Our setup says that only machines coming from one of our facilities or a Netskope IP range can access Teams, Outlook, etc.

The issue we are having occurs when a user is booting up their machine, Netskope does not enable before Teams and Outlook, causing the user to have to close the apps and click Sign In until a Netskope tunnel is enabled.

Is there something from the Netskope tenant we need to adjust to prevent users from having to close all of their programs each time they reboot or is this issue on the Microsoft side?  We considered a GPO for preventing Teams and Outlook from booting to allow Netskope to enable as well.

Any information anyone could provide would be appreciated.  Thank you!