Microsoft 365 Architecture: Solving Network Latency Issues

What’s the recommended network architecture for Microsoft 365? Many enterprises have experienced performance issues and significant increases in bandwidth usage after migrating to Microsoft 365, resulting in troublesome deployments and a poor user experience. The underlying cause of the problem is the need to meet Microsoft’s network architecture and bandwidth requirements for Microsoft 365. However, this is a common issue to overcome and a challenge many enterprises face on their network transformation journey.


Causes of Microsoft 365 Network Latency

So, what are the causes of M365 network latency? In its report on Microsoft 365, Gartner noted that “Existing internet connectivity to Microsoft 365 will not be ‘good enough’ for most Microsoft 365 usage scenarios.”

With user experience being the number one measure of a successful Microsoft 365 migration, all users need LAN-like performance.

Of the estimated 80% of organisations that have migrated to Microsoft 365, more than 60% encounter weekly network issues caused by insufficient bandwidth, the result of underestimating the requirements.

Firewalls see between 12 and 20 persistent connections per user. Microsoft also recommends no more than 2,000 users behind each public IP.

Microsoft 365 Network Connectivity Requirements

Microsoft recommends a direct internet connection, with Microsoft 365 traffic bypassing your proxy. This is why Microsoft came up with ExpressRoute: essentially, a private high-speed circuit with low latency. However, Microsoft no longer recommends ExpressRoute!

"Azure ExpressRoute is not required or recommended for Microsoft 365 except where mandated to use direct networking for regulatory purposes or where a network assessment for Skype for Business connectivity requires it." 

Microsoft now offers the following guidance for connection routing to minimise latency:

  • A well-configured, direct internet connection is optimal for connecting to Microsoft 365.
  • Avoid centralised proxies, which can increase latency.
  • Ensure proxies are in the client’s local region.

Local Internet Breakouts

Providing users with local internet breakouts to access Microsoft 365 will provide a good user experience, assuming bandwidth requirements are well managed. However, many organisations have underestimated the growth in bandwidth requirements over time. And of course, Microsoft 365 will not be the only cloud-based traffic, with the increase in SaaS services continuing unabated.

Bandwidth Requirements with Microsoft 365

With Microsoft 365 migration, you should assume bandwidth consumption will increase by 40%. You should also assume that existing firewalls/proxies will see some level of port exhaustion, and that users will quickly wipe out your bandwidth estimates. Microsoft offers the following guidance when it comes to bandwidth planning for Microsoft 365:

  • Up to 25 users: Use Excel calculators.
  • Over 25 users: Start with the calculators as an estimate, then run a pilot and measure the usage during that time.
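The figures quoted in this article (12 - 20 persistent connections per user, no more than 2,000 users per public IP, a 40% bandwidth increase) can be combined into a per-site check for NAT port exhaustion and link headroom before a pilot. This is an added example, not Microsoft's calculator and not code from the original page; the Site record, the sample sites, the 64,512-port NAT pool per public IP and the 80% alert threshold are assumptions.

```python
import math
from dataclasses import dataclass

# Figures quoted in the article.
CONNS_PER_USER_MAX = 20     # upper end of "12 - 20 persistent connections per user"
MAX_USERS_PER_IP = 2000     # recommended ceiling of users behind one public IP
BANDWIDTH_GROWTH = 0.40     # assumed increase in bandwidth consumption

# Assumptions, not from the article: NAT source ports usable per public IP
# (65,536 minus the well-known range) and an 80% utilisation alert threshold.
NAT_PORTS_PER_IP = 65536 - 1024
PORT_ALERT = 0.80


@dataclass
class Site:  # constructed inventory record for one internet breakout
    name: str
    users: int
    public_ips: int
    current_mbps: float
    link_mbps: float


def assess(site: Site) -> dict:
    """Return required public IPs, projected load and any capacity findings."""
    peak_conns = site.users * CONNS_PER_USER_MAX
    ips_needed = max(1,
                     math.ceil(site.users / MAX_USERS_PER_IP),
                     math.ceil(peak_conns / (NAT_PORTS_PER_IP * PORT_ALERT)))
    port_util = peak_conns / (site.public_ips * NAT_PORTS_PER_IP)
    projected = round(site.current_mbps * (1 + BANDWIDTH_GROWTH), 1)
    findings = []
    if site.users > site.public_ips * MAX_USERS_PER_IP:
        findings.append("more than 2,000 users per public IP")
    if port_util > PORT_ALERT:
        findings.append(f"NAT port pool at {port_util:.0%} of capacity")
    if projected > site.link_mbps:
        findings.append(f"projected {projected} Mbps exceeds {site.link_mbps} Mbps link")
    return {"site": site.name, "ips_needed": ips_needed,
            "port_util": port_util, "projected_mbps": projected,
            "findings": findings}


# Constructed sample sites, not real measurements.
SITES = [Site("hq", 5000, 1, 400, 500), Site("branch", 300, 1, 50, 100)]

if __name__ == "__main__":
    for s in SITES:
        print(assess(s))
```

At the recommended ceiling, 2,000 users at 20 connections each consume 40,000 ports, about 62% of the assumed pool on one public IP.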

What About Proxy Architecture?

Proxies often do not scale well and were not designed with SaaS services in mind, resulting in poor performance with applications like Microsoft 365. If a proxy must be used, then:

  • Ensure devices are scaled up to cope with SaaS services, in terms of processing and NAT capability.
  • Avoid centralised proxies (which can increase latency) and ensure proxies are in the client's local region.
  • Avoid using Skype for Business, even when optimised.
  • Avoid unnecessary packet inspection.

Zscaler for Microsoft 365 (and any SaaS service)

Through direct peering with Microsoft’s Azure network, Zscaler’s cloud security platform provides a low-latency connection to Microsoft 365 (or any other SaaS service), regardless of location. There is simply nothing better than going directly. With granular bandwidth control (for cloud applications and general internet traffic), you can guarantee Microsoft 365 bandwidth to all users.

Zscaler is the first cloud security provider to be a certified partner in the Microsoft Networking Partner Program (NPP) for Microsoft 365. The program is designed to offer customers a set of partners whose deployment practices and guidance are aligned with Microsoft’s networking recommendations for Microsoft 365 to provide users a fast and secure user experience.

[Image: Gartner Magic Quadrant for Secure Web Gateways 2019]

As a Gartner magic quadrant leader, Zscaler moves your security stack to the cloud, delivering fast, secure connections between users and cloud applications (not just Microsoft 365), regardless of device, location, or network, which is why Zscaler is the default choice for enterprises of all sizes looking to migrate to Microsoft 365 (or other large-scale apps, for that matter).

  1. Low-latency Microsoft 365 connectivity - for a great user experience for all users.
  2. Avoid increasing bandwidth costs.
  3. Visibility of all internet traffic, with granular control.
  4. Rapid deployment - overlays legacy networks to enable secure cloud transformation.