Just guessing here, but it's pretty common for enterprises to set up a lot of configuration via some sort of centralized policy mechanism. So, you'll have custom certs and a proxy PAC pushed at the system level via GPO or Puppet. If a browser (or any application) re-implements these features entirely, it won't pick up any of that context.