Very interesting question I would like to rate this thread up.
In all my ASM installations I always see violations because of the User-Agent string "ms-office". I don't see any relation to opening documents in protected or unprotected mode. I see those requests as valid requests to websites, loading CSS and other stuff. It's very rare that these requests are related to files, which may be opened by MS Office.
Typically customers are not able to tell if those requests are necessary or not and in most cases the customers decide to allow those requests in the policy.
Does anyone know which clients do send those requests, using the "ms-office" User-Agent string, and most importantly WHY do they send those requests?
Would be great to have a genereal discussion here.
Greets,
svs