What you will see after enabling One-Click Office 365 Configuration:
The Office 365 One Click Exception Configuration option will be grayed out.
A pre-defined Office 365 One Click Rule will be enabled in SSL Inspection Policy (Policy > SSL Inspection). The rule isn't configurable and can't be deleted. If this rule is enabled, any Office 365 traffic will be exempted from SSL inspection and other web policies, such as URL Filtering and Cloud App Control. For example, if you created a URL policy to block OneDrive, Sharepoint, etc., it won't be applied.
A pre-defined Office 365 One Click Rule will be enabled in Firewall Control (Policy > Firewall > Firewall Control). The rule isn't configurable and can't be deleted. It's automatically created to handle Office 365 traffic through our Firewall module without inspecting the traffic. The rule will allow Office 365 traffic whose destination IP matches Office 365 categories.
If your admin rank is greater than or equal to that of the Firewall rule with top order, then the rule will appear at rule order 1 with your rank. Going forward, only an admin with an equal or higher rank than yours can edit the rule order.
If admin rank is disabled, then the rule will appear at rule order 1 with rank 7.
An Office 365 One Click Rule will be enabled in DNS Control (Policy > Firewall > DNS Control). The rule will allow DNS traffic destined to Office 365. The rule isn't configurable and can't be deleted, but its rule order can be changed, if necessary.
If your admin rank is greater than or equal to that of the DNS rule with top order, then the rule will appear at rule order 1 with your rank. Going forward, only an admin with an equal or higher rank than yours can edit the rule order.
Once Office 365 traffic is sent to the Firewall, the service fingerprint the application. All the fingerprinted information is logged and is viewable in the Office 365 dashboard.
Zscaler overrides the destination IP of Office 365 traffic with the closest CDN destination for the Office 365 application and leverages DNS servers at each of our data centers to provide a better user experience and improved application performance.
DNS optimization is done automatically when Microsoft-Recommended Office 365 One Click Configuration option is enabled.
Microsoft's peering partnership with Zscaler allows for minimal hops into the Microsoft backbone for Office 365 traffic, resulting in a better user experience.
Zscaler exempts some IP/FQDN/URLs from One Click if they are part of the "Default" category. "Default" category endpoints can be treated like regular destinations, which allows customers to apply the appropriate security controls. To learn more about Microsoft categories, see New Office 365 endpoint categories.
Things to take note when using One Click Office 365 Configuration:
For Tunnel 1.0
Only TCP 80/443 will be SSL Exempted but traffic will still go through Zscaler ZIA Service Edge, but all UDP traffics will go direct to Internet
For Tunnel 2.0
All TCP and UDP traffics will be SSL Exempted but traffic will still go through Zscaler ZIA Service Edge