Fortigate Certificate Popup when launching outlook

We're having an issue where we're being asked for Certificate continuously when outlook is accessing office365.   The Fortigate is configured in explicit mode, and we've setup a address group and included fqdn of office 365 and allowed it on explicit policy rule and disabled SLL inspection. 

Like below: 

edit "Clone of office365" set member 365_.microsoftonline-p.com 365_.microsoftonline.com 365_.onmicrosoft.com 365_.outlook.com 365_.public-trust.com 365_.sharepoint.com 365_.verisign.com 365_.verisign.net 365_appexsin.stb.s-msn.com 365_auth.gfx.ms 365_autodiscover 365_crl.microsoft 365_d.docs.live.net 365_evsecure-aia.verisign.com 365_evsecure-crl.verisign.com 365_evsecure-ocsp.verisign.com 365_go.microsoft.com 365_login.live.com 365_login.microsoftonline.com 365_m.webtrends.com 365_microsoft-my.sharepoint.com 365_ms.tific.com 365_msft.sts.microsoft.com 365_o15.officeredir.microsoft.com 365_odc.officeapps.live.com 365_odcsm.officeapps.live.com 365_office.microsoft.com 365_office15client.microsoft.com 365_officeimg.vo.msecnd.net 365_roaming.officeapps.live.com 365_sa.symcb.com 365_sd.symcb.com 365_smtp.office365.com 365_wer.microsoft.com outlook.office365.com outlook.office365.com.g.office365.com

set member 365_crl.microsoft 365_evsecure-ocsp.verisign.com 365_evsecure-aia.verisign.com 365_evsecure-crl.verisign.com evsecure-crl.verisign.com 365_sa.symcb.com 365_sd.symcb.com 365_office15client.microsoft.com 365_odc.officeapps.live.com 365_go.microsoft.com 365_login.microsoftonline.com 365_msft.sts.microsoft.com 365_odcsm.officeapps.live.com 365_microsoft-my.sharepoint.com 365_microsoft-my.sharepoint.com 365_ms.tific.com 365_roaming.officeapps.live.com 365_o15.officeredir.microsoft.com 365_office.microsoft.com 365_officeimg.vo.msecnd.net 365_m.webtrends.com 365_d.docs.live.net 365_login.live.com 365_auth.gfx.ms 365_wer.microsoft.com 365_appexsin.stb.s-msn.com 365_autodiscover

edit "365_crl.microsoft" set type fqdn set fqdn "crl.microsoft.com" next edit "365_evsecure-ocsp.verisign.com" set type fqdn set visibility disable set fqdn "evsecure-ocsp.verisign.com" next edit "365_evsecure-aia.verisign.com"

Allowed this on Explicit Proxy policy and removed SLL inspection, but we still get the Popup

Sunny