Apparently Microsoft also peeks into encrypted zip files the firewall may have more to do
Based on an earlier post today, it was revealed that Microsoft's practices also involve trying to open up encrypted zip files.
Perhaps this is only done when the nasty zip reaches the Azure folder and not done in semi-real time via the firewall, but the temptation to peek inside packets while in transmission must be strong.