How should M365 OneDrive and SharePoint be handled during SSL Inspection?

Excluding M365 OneDrive and SharePoint from SSL inspection is the recommended approach because these services utilize specific configurations and optimizations provided by Microsoft to ensure efficient access and performance. By excluding them, you ensure that the traffic remains unaltered and minimizes the risk of breaking the functionality of these services, which may rely on specific protocols and can be adversely affected by SSL inspection.

Moreover, both OneDrive and SharePoint are designed to manage sensitive data and must adhere to strict compliance regulations; SSL inspection could inadvertently expose this data if not handled properly. By using tools like Zscaler's One-Click configuration, administrators can efficiently apply these exclusions within their security policies without compromising the integrity and availability of essential services.

Other approaches, such as inspecting all associated user traffic, using default TLS settings, or enforcing strict certificate validation, could result in degraded performance or disrupted service access for users. These alternatives would not take into account the specific needs and setups of the Microsoft 365 environment, leading to potential operational issues for organizations that depend on these productivity tools.