To do this, we added the below lines to the default PAC file, and applied it to an Z-App Profile. You only need to carve off the login traffic from Zscaler. Since the authentication process is the only time Microsoft applies conditional access policies related to source IP address, you don’t need to bypass Zscaler for all of the traffic. The customer was also having some authentication challenges, and the customer has now decided to leave Z-App enabled for on-premises and off-premises users. Unfortunately, this also meant that they lost visibility to this traffic and they didn’t benefit from Zscaler’s technical relationship with Microsoft. They did this so that they bypass multi-factor authentication when users logged into O365 from a corporate location. Their previous PAC file had many (but not all) of the O365 URLs completely bypassing Zscaler.
In order to do this, we started with a clean default PAC file. I’ve been working with a current customer to roll out Z-App, and migrate away from a PAC file using a Dedicated Proxy Port (DPP).
0 kommentar(er)
