Jan 21 2021 06:55 AM
We're rolling out MS Teams behind a corporate proxy which requires users to accept an AUP the first time they access the Internet in a session.
This policy is bypassed for all traffic with a User agent string containing "Teams/*", but the login interface seems to use a generic UAS instead, so it failing until the user opens their browser and accepts the AUP to 'unlock' their Internet access.
I've also added http*://login.microsoft.com/* and http*://*.msidentity.com/* to bypass this policy, but it still seems to be failing. Do I need to add the A records that these CNAMEs resolve to as well? As these are hosted by a CDN, is there a more granular set of URLs I can add, or do I need to add the whole CDN Domain?
Jan 23 2021 04:37 PM