Re: SSL Inspection & Office 365 Subscription Based Licensing
Yes, I've run into something similar. I think it uses certificate pinning.
From 5.6.x and later you can create a separate security policy rule for Office365, specifying the Internet Service: Office365 (or MS-Office365 or similar) as the destination and only doing certificate inspection.
The catch, of course, is that some of use *want* to do deep inspection on most of the Office365 traffic and this sort of solution doesn't allow that very nicely.