Proxy rules for login interface
We're rolling out MS Teams behind a corporate proxy which requires users to accept an AUP the first time they access the Internet in a session. This policy is bypassed for all traffic with a User agent string containing "Teams/*", but the login interface seems to use a generic UAS instead, so it failing until the user opens their browser and accepts the AUP to 'unlock' their Internet access. I've also added http*://login.microsoft.com/* and http*://*.msidentity.com/* to bypass this policy, but it still seems to be failing. Do I need to add the A records that these CNAMEs resolve to as well? As these are hosted by a CDN, is there a more granular set of URLs I can add, or do I need to add the whole CDN Domain?
