Proxy with local auth and some free website

Hi everyone, I’m playing with IPFire since two weeks now, read the wiki and tried different setups.

I’ve have this IPFIre configuration:

Zone configuration: Red and Green
Default firewall behaviour: Forward blocked, Outgoing allowed
Proxy enabled on green
Transparent proxy deactivated
Authentication method: local
Everything woks fine, web browsing is allowed on green only by using the proxy and authenticating.

What I would like to do is allow users without the proxy authentication to browse only microsoft 365 while users that do know the proxy authentication can browse freely.
I’ve tried to use the “Domains without authentication” option by inserting all the domains used by microsoft 365 by inspecting the https requests but I don’t think it is the right method since it would be really hard to maintain, there are a lot of urls and redirects and so it often asks for username and password.
I could probably allow the navigation only to microsoft 365 by creating firewall rules that allow navigation towards microsoft 365 ip ranges but I also am not sure it is the right solution.

Do you have any suggestions?

Thanks a lot for your time.