Hello good afternoon, thank you for your time and for your collaboration.
I have a question, checking the tenant, one of the default policies that are preconfigured at the SSL decrypt Policies level, is one related to the Office 365 Suite, which indicates that decrypt is not performed. It also indicates the following:
Policy name: Default Microsoft appsuite SSL do not decrypt rule
Action: Do Not Decrypt
"SNI-based policies will apply but no deep analysis performed via real-time protection policies"
Based on this: ""SNI-based policies will apply but no deep analysis performed via real-time protection policies"" I understand that it is important to be able to deeply examine Office traffic, to correctly inspect, decrypt and distinguish SaaS Cloud Apps of Office 365, distinguish the movements made by users in Sharepoint, in Teams, in Onedrive, in Outlook, Office 365 in general. Now as indicated, if by default it does not perform Microsoft App Suite traffic decryption, then this means that none of the Inline controls with real-time policies will be effective... Or does this only apply to Office desktop applications? Since reviewing the configuration of "Steering Configuration" Defualt Tenant config, Exceptions, only Office 365 appears, related to the desktop APP: Microsoft Office 365 Outlook.com MacOS / Windows.
Reviewing the details, I see that it does not indicate the entire Suite of all the Applications, including the SaaS cloud Apps, so with this No Decrypt policy, by default I will be losing all visibility of Microsoft...? Or is this because many Microsoft products use Cert Pinned Application ? but if so, what happens with all the Web Cloud App traffic of the Microsoft suite, with this default rule I will not be able to inspect in depth, to apply inline themes, such as restrict download, upload, share, Post, View, Edit , Delete, Share, raneme, among others, that is, everything related to Activities, since by not decrypting, I will not be able to inspect the traffic, correctly identify the applications, the actions, etc. and Netskope will only bypass no matter how much it matches with some real time policy...
I remain attentive to your comments and your considerations, details and/or classifications.