Microsoft changed its servers to support only ECDSA cipher suites.
Security Gateways running Gaia R80.20 and below, by default, do not propose ECDSA cipher suites.
Consequently, handshake between the Security Gateway and the Microsoft server will fail, usually right after the Client Hello message.