by jborean93 1060 days ago
If it is TLS you can get the keys used in the session from lsass’ memory. I’ve even written a tool to do so in PowerShell https://gist.github.com/jborean93/6c1f1b3130f2675f1618da5663.... This will generate a log file that contains the keys needed for Wireshark to decrypt TLS traffic.
1 comment

My claim is it's not standard TLS or there's an additional layer (external encryption key) because an actual decryption of telemetry traffic has never been demonstrated.