Looking for someone to help me understand -- in detail -- what a "local" or "self-looping" VPN is. Microsoft uses this term several times in its pages describing features of web protection in Defender for Endpoint. Is it that Defender forces the apps to use device-based encryption at layer 3 so that Defender can decrypt and inspect the traffic from the app? Is the traffic then sent back to the app for app-based re-encryption after inspection? How does this work?