Ensure your proxy that is sending the traffic via ICAP is sending the hotmail traffic, that its set to send requests (reqmod) and that HTTPS interception is enabled for the domain.
If the proxy is configured correctly, and you are trying monitoring keywords in the body/subject of the email in hotmail, it may be the "Ignore Smaller Than Setting" in the Server Settings of the Network Prevent for Web server is set too high - default is 4096 bytes but emails with very little content may not reach this threshold.
If all this is fine, make the policy as simple as possible (just detect any file over 0 bytes) and test to ensure the web prevent server is receiving the traffic.