Just be careful with on/off-prem configurations. On-prem steering exemptions happen at the proxy level, not client-side at this time. This has the potential for impact if you are running cloud services that use IP address as a means for access control.
For example, we have numerous applications that require coming from an office IP to work. If on-prem is enabled then those applications are still sent to the Netskope proxy (albeit exempted) but will come from a Netskope IP.