Many companies move to Microsoft 365 because, as Microsoft says, you can access your office remotely every day of the year. No longer are you tied to hardware and software in a physical building. Microsoft 365 also shifts the burden of storing vast amounts of information, data, software and other components onto Microsoft’s servers, allowing your business to access everything from the cloud, from anywhere securely.
However, migration to Microsoft 365 is not without challenges. Companies are experiencing technical difficulties and performance complaints from end users are reflecting poorly on the IT organisation responsible for deployment.
Here are the critical steps to get your network ready when moving to Microsoft 365.
Many organisations have started moving their applications to the cloud. But as business and IT transform, this creates connectivity, latency and security challenges.
If you run a traditional ‘hub-and-spoke’ architecture when deploying Microsoft 365, your challenge will be providing a direct Internet connection with the appropriate local security controls.
ExpressRoute permits a direct VPN connection between your internal network and the Microsoft cloud. However, this is not the recommended connection method, as traffic must still be backhauled over MPLS or VPN to a centralised gateway. ExpressRoute is highly complex to configure correctly and is only recommended for a few use cases.
Additional appliances will be required to keep up with the increase in traffic flow. These could include extra security controls, such as next-generation firewalls, data loss prevention, SSL inspection, bandwidth management and outbound proxies.
The additional firewall appliances required for local Internet breakouts also need to be supersized to handle the high number of long-lived connections and to accommodate the growth of SSL traffic over the next 3 - 5 years (or over the appliance’s lifetime).
Additionally, DNS needs to be handled locally. Otherwise, the user will be connected to Microsoft’s network in the location nearest the DNS provided, which is not necessarily nearest to the user, introducing unnecessary latency.
Explainer: Microsoft 365 creates many long-lived connections that can overwhelm existing firewalls and drive unplanned network upgrades. Each user will generate between 12 and 20 persistent connections across different ports, not just 80/443.
This results in an average 40 percent increase in network utilisation (increasing MPLS costs). Microsoft also recommends no more than 2,000 users behind each public IP address.
Microsoft 365 was built to be accessed securely and reliably via a direct Internet connection. Direct Internet connections to Microsoft’s CDN minimise latency, providing a fast user experience while avoiding the backhaul traffic over MPLS or VPN. Caution should be taken to prevent centralised proxies (decentralised if required). Proxies struggle to deal with long-lived sessions and high-throughput connections. Internet gateway appliances, including proxies, add latency and cause jitter. Microsoft 365 requires NGFW capacity and WAN latency assessments.
Leader in the Gartner Magic Quadrant, Zscaler’s Cloud Security Platform allows organisations to break out Microsoft 365 and Internet traffic locally without any hardware or software to deploy, for a fast user experience.
By moving your security appliances to the cloud, Zscaler dramatically simplifies your IT transformation strategy and Microsoft 365 deployment. With a ‘one-click ' configuration, Zscaler instantly configures Microsoft 365 connectivity policies across the Zscaler cloud. Automated IP and URL updates further simplify operational management.
Zscaler’s global cloud platform peers directly with Microsoft data centres for a fast user experience, with bandwidth controls to prioritise Microsoft 365 over YouTube (or other) Internet traffic.
With Zscaler, Microsoft 365 users can now connect locally, reducing MPLS spend while avoiding hardware upgrades with elastic cloud services.
Firstly, you should read our blog on solving network latency issues with Microsoft 365 migration.