We have an Exchange Hybrid recently set up. We have a conditional access rule which will trigger depending on the source IP of an Outlook client. The issue is that our default route for 443 (which Outlook uses) is to route everything via a cloud proxy called Zscaler, but we want to exclude and bypass the cloud proxy for anything that Outlook routes to behind the scenes. There are many exclusions recommended by MS, and a lot that contain wildcard URLs; however, firewall routes don't allow wildcards, and also 365 sites are always changing.
Any suggestions?