I think we're running into a misunderstanding again.
Let me explain again what I mean:
Let's assume I've excluded the ExplicitO365Endpoint for Outlook autodiscover. My autodiscover record is a CNAME that points to autodiscover.outlook.com. My mailbox has already been migrated to Exchange Online. I will now try to add my mailbox in Outlook from an external device. Outlook will try to contact autodiscover.mydomain.com. Because this is a CNAME pointing to autodiscover.outlook.com, it will contact this host. Based on our discussion, this would lead to a certificate error, because autodiscover.mydomain.com is not listed as a subject (alternate) name on Microsoft's certificates.
I checked that autodiscover.outlook.com is not accessible via HTTPS/443. Because Outlook cannot contact the autodiscover service via HTTPS, it falls back to the HTTP redirect method on HTTP/80. From there, it gets an HTTP 302 redirect to something like autodiscover-s.outlook.com. Outlook will then try to contact this URL via HTTPS/443 and because this is a "real" redirect (no CNAME), Outlook will validate that autodiscover-s.outlook.com is present on the certificate. The initial autodiscover.mydomain.com doesn't even matter, because the request was redirected. Outlook normally would then present a warning that the autodiscover URL has been redirected and prompt the user to accept this redirection.
Because of the registry key "RedirectServers", this message will never be shown, because these servers are already somehow "accepted" to be redirected to.
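
The flow described in the post above, as an added example that is not part of the original post and is not Outlook's own logic: a small model showing that a CNAME changes only the connect target while an HTTP 302 changes the name checked against the certificate. The DNS and redirect tables, the SAN list, and the treatment of "RedirectServers" as a plain set of host names are assumptions made for illustration.

```python
# Constructed model of the lookup flow described in the post. Host names come
# from the post; the DNS/HTTP tables and the SAN list are sample data
# (assumptions), not real certificate contents or Outlook's actual code.
CNAME = {"autodiscover.mydomain.com": "autodiscover.outlook.com"}
HTTP_302 = {"autodiscover.outlook.com": "autodiscover-s.outlook.com"}
CERT_SANS = ["outlook.com", "*.outlook.com"]  # constructed SAN list
HTTPS_HOSTS = {"autodiscover-s.outlook.com"}  # hosts answering on 443


def san_matches(host, sans):
    """Exact match, or a wildcard covering exactly one left-most label."""
    host = host.lower()
    parent = host.split(".", 1)[1] if "." in host else ""
    return any(s.lower() == host or (s.startswith("*.") and s[2:].lower() == parent)
               for s in sans)


def connect_target(host):
    """Follow CNAMEs. Only the connect target changes, not the validated name."""
    seen = set()
    while host in CNAME and host not in seen:
        seen.add(host)
        host = CNAME[host]
    return host


def https_check(name, https_hosts):
    """TLS validates the name the client asked for, never the CNAME target."""
    if connect_target(name) not in https_hosts:
        return "unreachable"
    return "cert ok" if san_matches(name, CERT_SANS) else "cert name mismatch"


def autodiscover(name, redirect_servers, https_hosts=HTTPS_HOSTS):
    """Return the (step, host, result) trace for one lookup."""
    trace = [("https", name, https_check(name, https_hosts))]
    if trace[0][2] != "unreachable":
        return trace
    new_host = HTTP_302.get(connect_target(name))  # HTTP/80 fallback
    if new_host is None:
        return trace + [("http", name, "no redirect")]
    trace.append(("http-302", new_host, "redirected"))
    # After a real redirect the validated name is the new host.
    trace.append(("https", new_host, https_check(new_host, https_hosts)))
    allowed = {s.lower() for s in redirect_servers}
    trace.append(("prompt", new_host,
                  "suppressed" if new_host.lower() in allowed else "shown"))
    return trace
```

Passing `https_hosts={"autodiscover.outlook.com"}` models the counterfactual in which the CNAME target answers on 443, and the trace then ends at the certificate name mismatch.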