@paulsmithau This is a fair statement. The exact protections vary depending on the deployment method used. For example, if using the Netskope steering client, all traffic (Web, Private Application, and non-Web traffic) can be sent to Netskope via the encrypted tunnel. In that case, even on public Wifi your user's traffic would be protected against snooping while applying Netskope's security controls. If you have a specific concern that you'd like more detail on, I'd be happy to address it as well!
Sam explained Netskope can very well protect your own users on random public wifi outside of your company,
However, remember that it is not possible to do MITM / SSL Inspection on an unmanaged devices (due to required CA trust). So, if we read your question differently, it is not possible to fully protect a random/external user on your company guest wifi (because Netskope will be limited to SNI-based HTTPS filtering over GRE/IPSEC/SDWAN steering deployment)