I would be shocked if Microsoft was not using their own layer of certificate-pinning to stop people from doing that, and/or using another layer of encryption separate from the networking layer.
But you'd still see some encrypted traffic and it wouldn't fly under a radar
Only way to see what's going on is testing to see what's going on. Hopefully, someone who knows more about it than me can take a look at the packets and see what they contain.