In an Office 365 Review project, we had the task to check the network implementation for the Office 365 traffic. The design reflected the classic enterprise networking approach, with Proxy-Servers, Next Generation Firewalls with Deep Packet Inspection and so on. I already knew that this was not the best practices scenario from a Microsoft perspective, but I didn’t have good references for it. Because of that, I did some research and want to share the output with you.
Network Best Practices for O365 traffic summarized
- Bypass Proxy-Servers
- Don’t use Deep Packet Inspection or SSL Inspection
- Use Local Internet Breakouts for Office 365
- Reconsider your Network design and strategy as an example use SD-WAN (Whitepaper from Cisco)
References and Sources
Microsoft does not require and does not recommend using third-party WAN optimization solutions, traffic redirection or inspection devices, or any other network solutions that decrypt, inspect, or take protocol-level or content-level action on Office 365 user traffic.
I highly recommend this video if you are an Office 365 consultant or engineer – watch it till the end 😉
Office 365 connectivity principles
Issues with the traditional model for Office 365 traffic
New URL and IP categories and web services API
Modern Network architecture: Example