I'm not a product expert, but I don't think what you're trying is actually supported (even though it might work in certain cases). Network Connect isn't intended as a general purpose multi-host tunnel. Since you're almost certainly going through a NAT at some point (maybe multiple points), I can forsee instances where the return packets have no clue where to go.
Microsoft sites have some of the strongest anti-ddos measures known - so I can conjecture that may have something to do with why some sites work but not Microsoft.
Evidence would be to run Network Connect natively on the guest VM (bridged or NAT) - if that works you have your workaround as well.