Home / Blog / Cloud Solutions / Moving to Microsoft 365? What Are the Issues Facing Your Network?

November 12, 2017

Many companies make the move to Microsoft 365 because – as Microsoft says – you can access your office remotely every day of the year. No longer are you tied to hardware and software in a physical building. Microsoft 365 also shifts the burden of storing vast amounts of information, data, software, and other components onto Microsoft’s servers, allowing your business to securely access everything from the cloud – from anywhere.

Microsoft-365

However, the migration to Microsoft 365 is not without its challenges. Companies are experiencing technical difficulties with performance complaints from end users, reflecting badly on the IT organisation responsible for deployment.

Here are the critical steps to get your network ready when you’re moving to Microsoft 365.

Is Your Network Ready?

  • Microsoft’s recommendation for accessing Microsoft 365 is via a direct Internet connection, to get users onto Microsoft’s CDN quickly for a fast user experience.
  • Network utilisation will increase by up to 40% with Microsoft 365.
  • ‘Hub-and-spoke’ architectures with centralised security control require branch and local traffic to be backhauled over MPLS or VPN, introducing latency and jitter, as well as excess network traffic.

Avoid issues with Microsoft 365 migration

Preparing Your Firewalls & Security Hardware

  • Similarly, ‘hub-and-spoke’ architectures require firewall appliances to be deployed locally to maintain security for local Internet connections, as well as all the security appliances sitting in the current gateway.
  • Microsoft 365 requires constant firewall updates; missing an IP or URL update will cause user connectivity issues. This places an excessive workload on IT departments.

Let’s Get into Some More Details…

Network Challenges

Many organisations have started to move their applications to the cloud. But as business and IT transform, this throws up connectivity, latency and security challenges.

When deploying Microsoft 365, if you run a traditional ‘hub-and-spoke’ architecture, then your challenge will be providing a direct Internet connection, with the appropriate local security controls.

What About ExpressRoute for Microsoft 365?

ExpressRoute permits a direct VPN connection between your internal network and the Microsoft cloud. However, this is not the recommended connection method, as traffic still needs to be backhauled over MPLS or VPN to a centralised gateway. ExpressRoute is highly complex to configure correctly and is only recommended for a small number of use cases.

Firewall Expansion & Upgrades

Additional appliances will be required to keep up with the increase in traffic flow. This could include extra security controls – next-generation firewalls, data loss prevention, SSL inspection, bandwidth management, and outbound proxies.

The additional firewall appliances required for local Internet breakouts also need to be supersized to handle the high number of long-lived connections and to accommodate the growth of SSL traffic over the next 3 – 5 years (or over the life of the appliance).

Additionally, DNS needs to be handled locally, otherwise, the user will be connected to Microsoft’s network in the location nearest the DNS provided – not necessarily nearest to the user – introducing unnecessary latency.

Explainer: Microsoft 365 creates a high number of long-lived connections that can overwhelm existing firewalls and drive unplanned network upgrades. Each user will generate between 12 and 20 persistent connections across different ports, not just 80/443.

This results in an average increase in network utilisation of 40 per cent (increasing MPLS costs). Microsoft also recommends no more than 2,000 users behind each public IP address.

The Preferred Connection Method

Microsoft 365 was built to be accessed securely and reliably via a direct Internet connection. Direct Internet connections to Microsoft’s CDN minimise latency, providing a fast user experience, while avoiding the backhaul traffic over MPLS or VPN. Caution should be taken to avoid centralised proxies (decentralised if required). Proxies struggle to deal with long-lived sessions and high-throughput connections. Internet gateway appliances, including proxies, add latency and cause jitter. Microsoft 365 requires NGFW capacity and WAN latency assessments.

So What’s The Solution?

Leader in the Gartner Magic Quadrant, Zscaler’s Cloud Security Platform allows organisations to break out Microsoft 365 and Internet traffic locally without any hardware or software to deploy, for a fast user experience.

Rapid Deployment

By moving your security appliances to the cloud, Zscaler dramatically simplifies your IT transformation strategy, as well as your Microsoft 365 deployment. Zscaler instantly configures Microsoft 365 connectivity policies across the Zscaler cloud with a ‘one-click’ configuration. Automated IP and URL updates further simplify operational management.

Fast Microsoft 365 User Experience

Zscaler’s global cloud platform peers directly with Microsoft data centres for a fast user experience, with bandwidth controls to prioritise Microsoft 365 over YouTube (or other) Internet traffic.

Cost Savings

With Zscaler, Microsoft 365 users now connect locally, reducing MPLS spend, while avoiding hardware upgrades with elastic cloud services.

How Can Cyberone Help?

Firstly, you should read our blog on Solving network latency issues with Microsoft 365 migration.