This is an HTTPS Inspection limitation.
In case of proxy with NTLM Authentication, the reply to Security Gateway's "connect" request is "407 Proxy Authentication Required", so Security Gateway short-circuits the connection. As a result, HTTPS Inspection is not enforced.