Proxy predefined content inspection exceptions allow phishing sites.
I came across some Office 365 phishing sites using a url similar to this fake-login-com-login.microsoftonline.com.PhishingDOMAIN.com.
Even though the real domain is phishingdomain.com, the proxy is allowing the connection becuase login.microsoftonline.com is in the predefined content inspection exemption list.
Even if I try to deny phishindomain.com with the web blocker excpetions, the content inspection exceptions overrule. So I would have to uncheck but this seems like a bug. Tested on 12.5.2 U1. m370