Hello,
Initially those kind of application are not expected to be used via proxy. You have an example with webex :
https://knowledge.broadcom.com/external/article/173861/allow-webex-audiovideo-through-proxy.html
To put it simply, is it possible to bypass authentication instead and propose the customer to filter the source via IP addresses instead of having authenticated user (only for microsoft team)? Just in case you do not know, you should have an application object available for use where common application like webex (...) are listed.
And another KB for microsoft team this time : https://knowledge.broadcom.com/external/article/228062/accessing-microsoft-teams-through-proxys.html
FInally regading your question about the authentication debug, I usually use the policy trace for a specific connection for instance and check the transaction. I mean first check if you can see the userID listed in one of the transaction, if not then look for the user IP and check the layer one by one.
You can also check the event https://proxyMGTIPaddress:8082/Eventlog/download/events.log
Look if you have some "Schannel error", the Schannel is what is used by the proxy to forward the authentication request to the DCs. If you have one then it is possible that you have too many authentication request from proxySG to DCs.
If you still see nothing, check the log via the LSA debug; filter on userID which does have an issue (ask him for a test in live) : https://x.x.x.x:8082/lsa/debug
I am also new on the solution itself, i hope someone from Broadcom can also help and confirm those statement just in case ! :)
Best regards,
Furil