It is a little bit late, but maybe this information still helps you.
At first, what are you looking for or expecting? MWG is a proxy server and normally writes an access log which you can push to your reporting solution (CSR, SIEM, Splunk). There you can create queries and reports based on that data in the database.
On MWG, it is recommended to use the "Bypass Microsoft (O365) services" rule set to bypass this traffic from policy. This can be downloaded via UI > Policy > Rule sets > press "Add" button > from library > Common Rules.
This means you/MWG will only see the CONNECT requests to the host, e.g. skype.com, and that is all.
Reason: There are some services which use proprietary protocols (non-HTTP traffic) inside the HTTPS connection which MWG is not able to detect/handle, and then these connections will fail (e.g. cannot connect to Skype audio/video connection). An example would be Lync/Skype, which uses a proprietary protocol, and there might be others as well. If you do not want to bypass O365 traffic from policy (HTTPS scanning, authentication, etc.), then you need to perform a "POC" and test this completely in your environment. Some applications might work without a bypass, and for others it is mandatory to bypass because of non-HTTP traffic.
Regards, Marcel Kutrieba Technical Support Engineer
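
An added example, not part of the original post and not McAfee code: a sketch of what a report built on the access log can recover once O365 traffic is bypassed, namely host, user, connection count and byte volume per CONNECT tunnel, with no URLs. The log layout, the sample lines and the names `summarize` and `tunnel_only_hosts` are assumptions made for illustration; adapt the pattern to the access-log format configured on your appliance.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in an assumed, simplified access-log layout:
# [time] "user" client_ip status "request line" bytes_to_client
# intranet.example stands in for a host that is inspected rather than bypassed.
SAMPLE_LOG = """\
[12/Mar/2024:09:01:02 +0100] "alice" 10.0.0.5 200 "CONNECT skype.com:443 HTTP/1.1" 48213
[12/Mar/2024:09:01:09 +0100] "alice" 10.0.0.5 200 "CONNECT outlook.office365.com:443 HTTP/1.1" 9120
[12/Mar/2024:09:02:30 +0100] "bob" 10.0.0.7 200 "GET https://intranet.example/reports/q1.pdf HTTP/1.1" 30411
[12/Mar/2024:09:02:31 +0100] "bob" 10.0.0.7 200 "CONNECT intranet.example:443 HTTP/1.1" 0
[12/Mar/2024:09:03:00 +0100] "alice" 10.0.0.5 200 "CONNECT skype.com:443 HTTP/1.1" 1502
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] "(?P<user>[^"]*)" (?P<ip>\S+) (?P<status>\d{3}) '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<bytes>\d+)$'
)

def summarize(log_text):
    """Build a per-host view of what the proxy actually recorded."""
    hosts = defaultdict(lambda: {"connects": 0, "bytes": 0, "users": set(), "paths": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip instead of guessing fields
        if m["method"] == "CONNECT":
            # A CONNECT target is host:port; nothing inside the tunnel is logged.
            host = m["target"].rsplit(":", 1)[0].lower()
            hosts[host]["connects"] += 1
        else:
            # Requests the proxy could read carry a full URL, so the path is known.
            url = urlsplit(m["target"])
            host = (url.hostname or "").lower()
            if not host:
                continue
            hosts[host]["paths"].add(url.path)
        hosts[host]["bytes"] += int(m["bytes"])
        hosts[host]["users"].add(m["user"])
    return dict(hosts)

def tunnel_only_hosts(summary):
    """Hosts seen only as CONNECT tunnels: reporting is limited to host, user, count and volume."""
    return sorted(h for h, s in summary.items() if s["connects"] and not s["paths"])
```

On the constructed sample, `tunnel_only_hosts(summarize(SAMPLE_LOG))` lists skype.com and outlook.office365.com, the two hosts for which the log holds tunnel metadata only.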