If you’re thinking of going to the cloud, one of the first things you should be doing is looking at your network. After all, the corporate network is often the most massive bottleneck between you and the cloud. So what does your network infrastructure look like today? What should it look like if you’re going to the cloud? What changes need to be made? You should be asking yourself all of these questions so you can ensure you’re planning correctly. Luckily, Microsoft makes your job that much easier by providing four straightforward network connectivity principles that you should follow to ensure the best end-user experience across all Microsoft 365 services. We’ll define each of those principles in this article and start diving into the first principle now and have subsequent articles on the other principles. These four principles should give you the right tools so you can start planning on modernizing your network architecture and determine your readiness for Microsoft 365.
The four network connectivity principles to live by when moving your network to Microsoft 365 include:
- Optimize Network Traffic
- Enable Local Egress
- Enable Direct Connectivity
- Modernize Security for SaaS (Software as a Service)
Principle #1 – Optimize Network Traffic
The first and most crucial principle boils down to optimization of your network traffic. The goal of this principle is to identify Microsoft 365 network traffic so you can differentiate between generic Internet-bound traffic and the traffic that should be optimized. To do this, you’ll need to use the Microsoft published endpoint categories to distinguish Microsoft 365 traffic from generic internet traffic for more efficient routing. Microsoft publishes a set of definitions that focuses on network FQDNs and IP address ranges for all primary Microsoft 365 services (Exchange Online, Skype for Business Online, Teams, SharePoint Online, etc.). These definitions are delivered through a set of scalable REST APIs so that each customer can automate their network settings. One of the unique things about these definitions is that Microsoft includes a priority-driven endpoint taxonomy allowing you, as the customer, to prioritize the most critical Microsoft 365 experiences and optimize the traffic accordingly. Microsoft has a plethora of partners that support native integration of the API into their products, which allows you, as the customer, to recognize and configure the appropriate Microsoft 365 treatment with just a few clicks. If you are the network administrator for your organization, you’ll be happy to hear about this, as you won’t be required to consume this information manually. Instead, you can leverage one of the many partner solutions to automate this in your own environment and keep it up to date. In the past, Microsoft’s optimization guidance was divided into two categories, required traffic and optional traffic. Since endpoints have been added to support new Microsoft 365 services and features, Microsoft has made some changes to this guidance. Now, Microsoft separates endpoints into three categories: Optimize, Allow, and Default.
This now allows for a priority-based pivot on where to focus network optimization efforts, so in turn, you can get the best performance improvements and return on investment. Let’s take a look at each of these categories in more detail:
- Optimize
- These endpoints are required for connectivity to Microsoft 365 services and represent 75% of the Microsoft 365 bandwidth, connections, and volume of data. These endpoints are also the most sensitive to network performance, latency, and availability. These endpoints are hosted in Microsoft datacenters, and you can expect the rate of change for these endpoints to be very low compared to the other two categories. The Optimize category includes ~10 critical URLs and a defined set of IP subnets that are dedicated to core Microsoft 365 workloads (as we mentioned earlier). For a full breakdown of what optimization methods this would include, you can check these methods out here.
- Allow
- These endpoints are required for connectivity to Microsoft 365 services and features. However, these endpoints won’t be as sensitive to network performance or latency compared to our Optimize category. Also, the network footprint for these endpoints from a bandwidth and connection count standpoint will be much smaller. These endpoints are dedicated to Microsoft 365 micro-services and their dependencies, which include ~100 URLs. The Allow category also has a much higher change rate than those in the Optimize category, and not all endpoints will necessarily be associated with their own dedicated IP subnet.
- Default
- These endpoints represent Microsoft 365 services and dependencies that do not require any type of optimization, so they can be treated as regular Internet-bound traffic. Also, some of the endpoints in this category may not be hosted in Microsoft datacenters.
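To make the three categories concrete, here is an added example (not code from the original article or from Microsoft) of how a network team might consume the endpoint feed described above and turn it into a routing decision. The record layout mirrors the public Microsoft 365 endpoint web service (the `category`, `urls`, `ips`, `tcpPorts`, `expressRoute` and `required` fields), but the records embedded below are constructed sample data with example.test hostnames and documentation IP ranges, not a live download. The proxy hostname in the generated PAC file is likewise an assumed placeholder.

```python
"""Sort Microsoft 365 endpoint records by category and derive a routing plan.

Added example, not the article's or Microsoft's code. Record layout follows the
public endpoint web service; the records themselves are constructed samples.
"""
import fnmatch
import ipaddress
import json

CATEGORIES = ("Optimize", "Allow", "Default")

# Constructed sample feed: illustrative ids, hostnames and IP ranges only.
SAMPLE_ENDPOINTS_JSON = json.dumps([
    {"id": 1, "serviceArea": "Exchange", "category": "Optimize", "required": True,
     "urls": ["outlook.example.test"], "ips": ["203.0.113.0/24", "2001:db8:10::/48"],
     "tcpPorts": "443", "expressRoute": True},
    {"id": 2, "serviceArea": "SharePoint", "category": "Optimize", "required": True,
     "urls": ["*.sharepoint.example.test"], "ips": ["198.51.100.0/25"],
     "tcpPorts": "80,443", "expressRoute": True},
    {"id": 3, "serviceArea": "Common", "category": "Allow", "required": True,
     "urls": ["login.example.test", "*.auth.example.test"],
     "tcpPorts": "443", "expressRoute": False},
    {"id": 4, "serviceArea": "Common", "category": "Default", "required": False,
     "urls": ["cdn.example.test"], "tcpPorts": "443", "expressRoute": False},
])


def load_endpoints(text):
    """Parse the JSON feed, rejecting unknown categories and malformed IP ranges.

    Validating here keeps a corrupted or tampered feed from silently becoming
    a firewall or proxy-bypass rule.
    """
    records = json.loads(text)
    for rec in records:
        if rec.get("category") not in CATEGORIES:
            raise ValueError(f"record {rec.get('id')}: unknown category {rec.get('category')!r}")
        for cidr in rec.get("ips", []):
            ipaddress.ip_network(cidr)  # raises ValueError on a bad range
    return records


def build_plan(records):
    """Group URL patterns and IP ranges under their Optimize/Allow/Default category."""
    plan = {cat: {"urls": set(), "ips": set()} for cat in CATEGORIES}
    for rec in records:
        bucket = plan[rec["category"]]
        bucket["urls"].update(rec.get("urls", []))
        bucket["ips"].update(rec.get("ips", []))
    return {cat: {k: sorted(v) for k, v in b.items()} for cat, b in plan.items()}


def classify_host(plan, host):
    """Return the category a hostname falls in; None means generic Internet traffic."""
    for cat in CATEGORIES:
        for pattern in plan[cat]["urls"]:
            if fnmatch.fnmatchcase(host.lower(), pattern.lower()):
                return cat
    return None


def render_pac(plan, proxy="PROXY proxy.corp.example:8080"):
    """Emit a PAC file sending Optimize and Allow hosts direct and the rest via the proxy.

    Default-category hosts deliberately stay on the normal Internet path.
    """
    direct = plan["Optimize"]["urls"] + plan["Allow"]["urls"]
    checks = " ||\n        ".join(f'shExpMatch(host, "{u}")' for u in direct)
    return ("function FindProxyForURL(url, host) {\n"
            f"    if ({checks}) {{\n"
            '        return "DIRECT";\n'
            "    }\n"
            f'    return "{proxy}";\n'
            "}\n")


if __name__ == "__main__":
    plan = build_plan(load_endpoints(SAMPLE_ENDPOINTS_JSON))
    for cat in CATEGORIES:
        print(f"{cat}: {len(plan[cat]['urls'])} URL patterns, {len(plan[cat]['ips'])} IP ranges")
    print(render_pac(plan))
```

The Optimize bucket's IP ranges are what you would hand to a firewall or SD-WAN policy for direct routing, while only the URL patterns of Optimize and Allow make it into the PAC bypass list; Default entries never do, which is exactly the distinction the three categories are meant to draw.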
That sums up the first of our four network connectivity principles. As you can see, without proper optimization of your Microsoft 365 traffic, you won’t be able to give your end-users an optimal experience when it comes time for them to consume any of the Microsoft 365 services. This becomes even more important when you start introducing things like voice communication, as bad network optimization can lead to a bad end-user experience for those on phone calls or in meetings. However, rest assured after learning these principles, you’ll have a good starting point in tackling your move to the cloud! Tune in soon for the next blog on our second principle, enabling local egress!