Good day all. I've had a user saying they're unable to connect to their email via Outlook when they're away from the enterprise network but it works fine once they're on premises. I've recreated the issue the user describes and watched the TCP connections made. I realize that many TCP connections are made by Outlook.exe to proxysvr:9090, which is the IP socket for our MWG proxy. The strange thing is that this user had probably received such proxy config info via WPAD (DHCP) but it still tries to connect to proxysvr while off premises.
I'm used to seeing one or two TCP connection attempts to proxysvr and then Outlook.exe or any other .exe would just go directly to the URL being requested. But here, the Outlook client just sits idly, unable to contact o365 servers while a bunch of TCP connection attempts are made to MWG. netstat -ano shows just SYN_SENT to the MWG socket.
The "Internet Options > Connections > LAN Settings > Automatically detect settings" checkbox has been unchecked so I'm not sure why any WPAD settings would still be present. It seems like bypass is seen for Outlook at the proxy (that isn't even available) so it's just stuck trying to connect to the server. Complete mystery.