What’s the recommended network architecture for Microsoft 365? Many enterprises have experienced performance issues and significant increases in bandwidth usage after migrating to Microsoft 365, resulting in troublesome deployments and a poor user experience. The underlying cause of the problem is that Microsoft 365 comes with network architecture and bandwidth requirements that have to be met. However, this is a common issue to overcome and a challenge many enterprises face on their network transformation journey.
So, what are the causes of M365 network latency? In its report on Microsoft 365, Gartner noted that “Existing internet connectivity to Microsoft 365 will not be ‘good enough’ for most Microsoft 365 usage scenarios.”
With user experience being the number one measure of a successful Microsoft 365 migration, all users need LAN-like performance.
Of the estimated 80% of organisations that have migrated to Microsoft 365, more than 60% encounter weekly network issues caused by insufficient bandwidth, the result of underestimating the requirements.
Firewalls see between 12 and 20 persistent connections per user. Microsoft also recommends no more than 2,000 users behind each public IP.
Microsoft recommends a direct internet connection, with Microsoft 365 traffic bypassing your proxy. This is why Microsoft came up with ExpressRoute, essentially a private high-speed circuit with low latency. However, Microsoft now no longer recommends ExpressRoute!
"Azure ExpressRoute is not required or recommended for Microsoft 365 except where mandated to use direct networking for regulatory purposes or where a network assessment for Skype for Business connectivity requires it."
Microsoft now offers the following guidance for connection routing to minimise latency:
Providing users with local internet breakouts to access Microsoft 365 will provide a good user experience, assuming bandwidth requirements are well managed. However, many organisations have underestimated the growth in bandwidth requirements over time. And of course, Microsoft 365 will not be the only cloud-based traffic, with the increase in SaaS services continuing unabated.
With Microsoft 365 migration, you should assume bandwidth consumption will increase by 40%. You should also assume that existing firewalls/proxies will see some level of port exhaustion, and that users will quickly wipe out your bandwidth estimates. Microsoft offers the following guidance when it comes to bandwidth planning for Microsoft 365:
Proxies often do not scale well and were not designed with SaaS services in mind, resulting in poor performance with applications like Microsoft 365. If a proxy must be used, then ensure:
Through direct peering with Microsoft’s Azure network, Zscaler’s cloud security platform provides a low-latency connection to Microsoft 365 (or any other SaaS service), regardless of location. There is simply nothing better than going directly. With granular bandwidth control (for cloud applications and general internet traffic), you can guarantee Microsoft 365 bandwidth to all users. Zscaler is the first cloud security provider to be a certified partner in the Microsoft Networking Partner Program (NPP) for Microsoft 365. The program is designed to offer customers a set of partners whose deployment practices and guidance are aligned with Microsoft’s networking recommendations for Microsoft 365 to provide users a fast and secure user experience.
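The planning figures quoted earlier (12 to 20 persistent connections per user, no more than 2,000 users per public IP, a 40% bandwidth increase) can be turned into a per-site egress check. The sketch below is an added example, not Microsoft or Zscaler tooling; the function name, the site data and the usable NAT port range per public IP are assumptions.

```python
import math

# Figures stated in the article
CONNS_PER_USER_LOW, CONNS_PER_USER_HIGH = 12, 20
MAX_USERS_PER_PUBLIC_IP = 2000
BANDWIDTH_GROWTH_PCT = 40

# Assumption (not from the article): source ports 1024-65535 usable per public IP
NAT_PORTS_PER_IP = 65535 - 1024 + 1


def assess_site(users, public_ips, peak_mbps, link_mbps):
    """Check one egress site against the article's planning figures."""
    users_per_ip = math.ceil(users / public_ips)
    conns_low = users_per_ip * CONNS_PER_USER_LOW
    conns_high = users_per_ip * CONNS_PER_USER_HIGH
    # Public IPs needed to satisfy both the user cap and the port pool
    ips_needed = max(
        math.ceil(users / MAX_USERS_PER_PUBLIC_IP),
        math.ceil(users * CONNS_PER_USER_HIGH / NAT_PORTS_PER_IP),
    )
    projected_mbps = peak_mbps * (100 + BANDWIDTH_GROWTH_PCT) / 100
    findings = []
    if users_per_ip > MAX_USERS_PER_PUBLIC_IP:
        findings.append("users-per-ip")
    if conns_high > NAT_PORTS_PER_IP:
        findings.append("port-exhaustion")
    if projected_mbps > link_mbps:
        findings.append("bandwidth")
    return {
        "conns_per_ip": (conns_low, conns_high),
        "ips_needed": ips_needed,
        "projected_mbps": projected_mbps,
        "findings": findings,
    }


# Constructed sample sites: users, public IPs, current peak Mbps, link Mbps
SITES = {
    "HQ": (5000, 1, 600, 1000),
    "Branch": (1800, 1, 400, 500),
    "Depot": (300, 1, 50, 100),
}

if __name__ == "__main__":
    for name, args in SITES.items():
        print(name, assess_site(*args))
```

At the recommended cap, 2,000 users at 20 connections each is 40,000 connections per public IP, which leaves headroom in the assumed port pool; the cap is therefore the binding limit, and the port-exhaustion finding only appears at sites that already exceed it.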