In this series of articles on Office 365 connectivity, we explain in detail each principle recommended by Microsoft. In this article, we take a look at Office 365 traffic optimization.
The first principle is the mother of all best practices (MOAB-P 😊) for two good reasons.
Firstly, just applying this principle should provide your users a significant improvement in performance and user experience. Secondly, because you can differentiate the traffic, you are able to apply the other three connectivity principles.
So why should you differentiate your traffic?
Reaching Office 365 is not the same as reaching YouTube or any other website on the Internet. When your packets enter Office 365, they are reaching one of the most secure cloud environments on the planet. Extra security layers are not relevant when you are dealing with a network more secure than your own…
Differentiating the traffic allows you to enable access to the shortest possible route to Office 365 because, once again, the security is handled by Microsoft. So you can shorten the route to the cloud and benefit from Office 365 at its maximum speed.
The real change that occurred last year helps to answer the question: Can you differentiate this traffic?
Well, a bit more than a year ago, most enterprise IT people would have said no, which was understandable. The number of FQDNs to be differentiated was very large, with several ports and about a thousand different URLs for each workload; this was just not manageable from a security standpoint.
But things have changed because Microsoft has learned the lesson and now provides a usable structure. There are now three types of FQDNs that work with Office 365.
1. The first type of FQDNs is called “Optimize”
The thousands of URLs last year have now been reduced to fewer than ten.
There are now two for Exchange (with about 12 IP subnets), two for SharePoint (with about five IP subnets) and two for Teams.
These URLs are critical because they handle large volumes of data and are very sensitive to network latency; the positive side is that they reach a highly trusted network.
For these, bypassing SSL break and inspection is required, and proxy bypass is strongly recommended. Working only on these URLs will bring a dramatic improvement in the end-user experience.
2. The second category of FQDNs is called “Allow”
These URLs are less sensitive. They handle a medium to low volume of data and they can handle proxies, but it is still better if you bypass SSL break and inspection.
There are about a hundred of them, so the situation is still manageable.
A lot of our customers focus only on the “Optimize” FQDNs, which is a very good start.
But of course, if you can also work on the “Allow” URLs, you will get better results.
3. The last category of FQDNs is called “Default”; to these URLs you can apply your existing security policies.
Microsoft's recommendation is to focus on the “Optimize” FQDNs, which you can retrieve through the Office 365 REST API to automate the Office 365 network configuration.
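The following added example (not from Microsoft or GSX) shows how the three categories can drive a bypass policy, assuming the JSON shape of Microsoft's Office 365 IP Address and URL web service (fields `category`, `urls`, `ips`). The sample data, the function names and the action strings are constructed for illustration. Wildcards are matched only on a label boundary, so a look-alike hostname never inherits the inspection bypass.

```python
import json
from ipaddress import ip_network

# Constructed sample shaped like the web service's JSON; hostnames and subnets
# are placeholders (example.com, documentation ranges), not Microsoft's list.
SAMPLE = json.loads("""[
 {"id": 1, "serviceArea": "Exchange", "category": "Optimize",
  "urls": ["outlook.example.com"], "ips": ["192.0.2.0/25"], "tcpPorts": "80,443"},
 {"id": 2, "serviceArea": "SharePoint", "category": "Optimize",
  "urls": ["*.sharepoint.example.com"], "ips": ["198.51.100.0/24"], "tcpPorts": "80,443"},
 {"id": 3, "serviceArea": "Skype", "category": "Optimize",
  "ips": ["203.0.113.0/24"], "udpPorts": "3478,3479"},
 {"id": 4, "serviceArea": "Common", "category": "Allow",
  "urls": ["login.example.com"], "tcpPorts": "443"},
 {"id": 5, "serviceArea": "Common", "category": "Default",
  "urls": ["*.cdn.example.net"], "tcpPorts": "443"}
]""")

# Treatment per category, following the article's three types.
ACTIONS = {
    "Optimize": "bypass proxy and TLS inspection",
    "Allow": "proxy permitted, bypass TLS inspection",
    "Default": "existing security policy",
}

def build_policy(endpoints):
    """Group URLs and validated subnets by category; unknown categories fall back to Default."""
    policy = {c: {"urls": set(), "ips": set()} for c in ACTIONS}
    for e in endpoints:
        cat = e.get("category") if e.get("category") in ACTIONS else "Default"
        policy[cat]["urls"].update(u.lower() for u in e.get("urls", []))
        policy[cat]["ips"].update(str(ip_network(i)) for i in e.get("ips", []))
    return policy

def matches(host, pattern):
    """Exact match, or a leading '*.' wildcard matched on a label boundary (assumed the only wildcard form)."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return host == pattern

def classify(host, policy):
    """Return the category for a hostname; anything not listed keeps the Default treatment."""
    for cat in ("Optimize", "Allow"):
        if any(matches(host, p) for p in policy[cat]["urls"]):
            return cat
    return "Default"
```

Entries that carry only subnets and ports, like the constructed Skype entry, end up in the IP set alone, so the firewall rule and the proxy or PAC rule can be generated from the same policy object.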
GSX Solutions provides the only Office 365 digital experience monitoring tool that truly measures the quality of the service delivered to all enterprise sites, enabling company IT to use the full power of Office 365 performance.
Get started today with Office 365 monitoring to see how you can keep your employees on the path to optimal productivity.