Mandate Proxy?
If this is enabled then local machines will be denied access to outbound port 80 (www), forcing them to use the proxy. Note that this can be used with Proxy Authentication.

This option is only useful when the Proxy is being used as a gateway (in other words, this machine is between your clients and the internet, and all requests must pass through it).

If this is disabled then local machines can browse the web normally on port 80 (and bypass the proxy).