Blog Office 365 Network

Route to Office 365 best practices: Avoid Security Duplication

In this series of articles on Office 365 connectivity we are explaining in detail each principle as recommended by Microsoft. In the previous article we had a look at direct connectivity. Now let’s have a closer look at the security aspect.

Security is a big challenge for enterprise IT. But don’t worry, it is also a great challenge for Microsoft because their Office 365 business is highly dependent on it. Microsoft invests hundreds of millions of dollars in security features every year.

And most enterprises invest, too, using proxies, SSL inspection, packet inspection and data loss prevention systems.

These technologies should be used for generic internet requests, but they dramatically reduce the performance and quality of the services of Office 365 when applied to optimized FQDNs.

As explained in the blog: Differentiate your traffic, Microsoft has considerably reduced the number of FQDNs (now less than 10) that need to be prioritized in order to dramatically improve the end-user experience of Office 365.

Maximum security is applied to the FQDNs by Microsoft to enable enterprise IT to bypass their own security processes. This highly secure network includes security features such as Data Loss Prevention, Anti-Virus, Multi-Factor Authentication, Customer Lock Box, Advanced Threat Protection, Office 365 Threat Intelligence, Office 365 Secure Score, Exchange Online Protection, and Network DDOS Security.

In order to ease the bypassing of enterprise security processes that duplicate those that already exist in the Microsoft Global Network, Microsoft allows Office 365 administrators to use Rest API to access the list of endpoints to update the configuration of firewall and other security devices.

Finally, Office 365 administrators can create Proxy Automatic Configuration scripts to bypass proxies for Office 365 requests from WAN or VPN users.

There is often a big discussion with our customers about proxies. So let’s show you in real life how they affect the end user experience.

Once again I would like to explain briefly how we test the end-user experience. As you may, know GSX provides the Office 365 end-to-end service monitoring solution. We use our Robot users that can be installed anywhere and that use Office 365 exactly the way a user does, measuring the user experience and service quality, alerting and reporting on it.

Below we can see a PowerBI report from multiple Robots. For this proxy experiment we will look at the turquoise robot (Robot user in Nice using proxy before going out to the internet) and the yellow witness Robot (Robot user in Nice connect directly to the nearest Office 365 front door in Marseille).

As you can see, the user experience quality is almost doubled when the Robot can egress locally and connect directly to the nearest Office 365 front door.

And this is true for every workload of Office 365. It is important to also note that MS Teams usually doesn’t respond well when a proxy is involved.

In order to script the automatic bypass of proxy for selected sites and FQDNs, you can use the Get PAC (Proxy Automatic Configuration) file displayed below:

This tool will really help your administrator to automate the optimization of all your security devices to enable the best possible performance for your Office 365 users.

To sum up, we’ve seen how it is important to be able to detect poor end-user experience and service quality through GSX monitoring solution for Office 365. You can then enhance your performance with the tools Microsoft provides you (like the PAC file).

The connectivity principles have been developed to help you improve the end-user experience. Microsoft has worked a lot on improving its network to allow you to change your route to the cloud in a secure and high-performance way.

But as you implement those changes, it is essential for you to be able to measure the results, assessing whether the return on investment has been good or poor.

For that you need to continuously measure the end-user experience on every site you want to improve.

This allows the C Level to determine the Office 365 project costs and measure the ROI of the network improvement. It prevents critical situations and management complaints to the operations team. It improves the global quality of the services delivered to your business lines, which ensures optimal productivity to your company.

Thanks to our Robots that measure the end-user experience in real time, alert and report on it, GSX is the perfect solution to partner with you on your service quality enhancement journey.

In this series of articles on Office 365 connectivity principles, we discuss:

GSX Solutions provides the only Office 365 user experience monitoring tool that truly measures the quality of the service delivered to all enterprises’ sites, enabling their IT to take power of the Office 365 performance.

Get started today with Office 365 monitoring and see how you can keep your employees on the path to optimal productivity.

Let's get started.