Get your enterprise network ready for Office 365
BRK3051
Paul Andrew, Senior Program Manager, Office 365
Paul Collinge, Senior Program Manager, Office 365
5/16/2018 8:54 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Enterprise and SMB networks differ
SMB networks are simple and connect like from home
- Users in the same building using a single connection
- Uses a firewall, no URL filtering and restrictions
- ISP peers into the Microsoft global network for fast connectivity to Office 365
[Diagram labels: Firewall, Internet Service Provider, The internet, Other SaaS]

The Microsoft connectivity landscape
[Diagram labels: Enterprise last mile, Consumer last mile, Microsoft first mile; Seattle Office, London Head Office, Paris Office, Sydney Office, Traveling in Asia; Enterprise network, ISP, The internet, Carrier Neutral Facility (CNF); Americas Edge, EMEA Edge, APAC Edge; Microsoft’s global network; Connecting to worldwide Microsoft consumer services]

Global Enterprise Networking Concerns
- Moving from datacenter connectivity to SaaS
  - Originally a user co-located datacenter that all users connect to
  - Enterprises moved to an off site datacenter with co-located historical Internet
  - SaaS moves this to globally distributed datacenters and Internet connectivity
- Security at the Network Edge is necessary but not sufficient
  - Most security intrusions start with action from a user inside the network
  - Poorly secured, but trusted, partner networks are also a top target
  - Clients and data need security more than the network perimeter
- Network device industry growth
  - Increased security threats and constant data pilferage
  - Emerging networking technologies
  - Network stacks moving to the cloud
  - Increasing use of cloud proxy as a service

Identify Office 365 traffic
- Admin gets URL and IP ranges for Office 365
- Admin updates enterprise network devices policies to optimize Office 365 traffic
- Users get an improved Office 365 experience due to better connectivity
Published formats:
- XML for device configuration
- RSS for change notifications
- HTML for details review
[Diagram labels: Office 365, Admin, User, Enterprise Firewall]

Local internet egress for optimal performance
- Traditional enterprise networks impact Office 365 performance
- Eliminate historical single egress with a security stack
- Local WAN egress near to every location
[Diagram labels: Seattle Office, London Head Office, Paris Office, Sydney Office, Traveling in Asia; Enterprise Network, ISP; Microsoft’s global network (Americas; EMEA / Europe, Middle East and Africa; APAC / Asia/Pacific)]

Recommendation: local egress and local DNS
Local Egress
- Small branch offices often only have corporate WAN
- Ideally break out Office 365 traffic from WAN at each office
- Common: Branch offices > Break out locations > Internet perimeters
DNS Configuration
- The Local DNS server should be near the user due to Geo DNS
- Track WAN egress with DNS location
- Ideally configure customer Local DNS servers with root hints
- Alternatively forward DNS to the ISP or other network provider
- Avoid global DNS providers as they don’t do local lookup

Avoid network hairpins that cause long routing
[Diagram labels: 3rd party cloud with vendor security devices; Seattle Office, London Head Office, Paris Office, Sydney Office, Traveling in Asia; Enterprise Network, The internet, Carrier Neutral Facility (CNF); Americas Edge, EMEA Edge, APAC Edge; Microsoft’s global network]

Recommendation: Avoid hairpins
Enterprise WAN hairpin
- Goal: Reduce the latency caused by hairpin networks
- Minimum requirement: Cross region hairpins will impact Office 365 experience
Third party cloud hairpin
- Cloud based network devices can create the same routing issues as the enterprise network stacks
- Be aware of the location of the “hairpin” in relationship to the user and to Microsoft’s network
- Ask where the cloud node is for each user location
Optimal is a straight line between users and Microsoft => no hairpin

Enterprise networks are large
- Inter-office Wide Area Network (WAN) backhauls traffic to a central location
- Security policies established for internet connectivity
[Diagram labels: Enterprise Connectivity Networking Stack: CASB, DLP, SWG, WAN Accelerator, LAN/WAN, SD WAN, Firewall/Security, NAT, Network Edge, Proxy; Internet Service Provider, The internet, Other SaaS]

How did we get here?
History: 1990’s On premises servers; 2000’s Internet growth; 2005 Network Intrusions; Now Deploy Office 365
Internet perimeter security: Disconnected; Router, Firewall, Cache, Proxy Server; IDP, DLP, NG Firewall, Proxy, etc
Enterprise data network security: Direct connect / None; None; ?; Encrypted Transport; Connects to Microsoft Datacenters; Office 365 Security Features; Review the risks

Office 365 security and compliance
Office 365 is designed for content security and compliance with technical and regulatory standards
- Physical datacenter security
- Network DDOS security
- Data Loss Prevention (DLP)
- Multi-Factor Authentication
- Exchange Online Protection
- Advanced Threat Protection (ATP)
- Customer Lock Box
- Office 365 Anti-Virus
- Office 365 Secure Score
- Office 365 Threat Intelligence
- Advanced Data Governance
- Regional Data Residency

Recommendation: Use Office 365 security
- Separate Office 365 traffic from generic Internet traffic
- Consumer Internet sites may need deep inspection, not for trusted SaaS like Office 365
- There are performance tradeoffs in applying Internet security to Office 365 traffic
- Evaluate Office 365 security to mitigate identified security risks
[Diagram labels: DLP, ATP, Firewall and other network security devices; Enterprise WAN; Internet]

Office 365 connectivity principles
- Identify and differentiate Office 365 traffic using Microsoft published endpoints data
- Egress Office 365 data connections as close to the user as practical with matching DNS resolution
- Avoid network hairpins and optimize connectivity directly into the nearest entry point into Microsoft network
- Assess bypassing proxies, traffic inspection devices and duplicate security which is available in Office 365
[Diagram labels: Head Office, Branch Office, ISP, Microsoft Network, IaaS Cloud, Internet]

Bandwidth planning

Bandwidth planning methods
- Know the network bandwidth utilization / headroom
- Monitor bandwidth utilization during a pilot
- Avoid shared bandwidth network providers
- Calculate a per user bandwidth with spreadsheets
- Limit OneDrive sync bandwidth per client
- Use a standard per user bandwidth amount
  - MSIT publish the Microsoft one, Gartner have one
- Use flexible network providers and increase as needed

Other factors to consider
Exchange
- Use the on-premises baseline
- Consider SMTP to on-premises needs (or direct MX to Microsoft)
- Use after hours migration to test mailbox migration bandwidth
- Azure AD connectivity is minimal
- Use Outlook 2013 SP1 or later for performance improvement
Skype
- Media across the perimeter only
- IM is bursty, latency tolerant, and very small
- Voice uses RTAudio (50 kbps low, 80 kbps high, auto-determination)
- Video depends upon resolution (280 kbps low, 4000 kbps high, dependent upon resolution)
- Desktop sharing depends upon desktop resolution
- Consider Peer-to-Peer (inside WAN) versus Client-Server (across perimeter)
SharePoint
- HTTPS views of webpages, uploads/downloads of content
- Document editing with Office Web Apps or Office
- Bursty, but latency tolerant
- Requires baseline to estimate
- Will ramp up as more content is loaded into SharePoint, MySites, OneDrive for Business

Choosing a bandwidth planning method
Know the network bandwidth utilization / headroom
- Measure from routers, SNMP, IPFIX, client log tools
- Monitor regularly for all your network segments
- Keep records
Monitor bandwidth utilization during a pilot
- Monitor the change for your pilot users
- Calculate Office 365 bandwidth per user
- Scale up to each network segment user population

Hints on bandwidth planning
Calculate a per user bandwidth with spreadsheets
- Spreadsheet calculators for Skype and Exchange
- Ask questions to help you identify usage
Limit OneDrive sync bandwidth per client
- Opposite to calculators
- GPO deploy the limit
Use a standard per user bandwidth amount
- MSIT publish the Microsoft one (400 kbps for all network connectivity and not just Office 365)
- Gartner have one (Gartner consult required)
Use flexible network providers and increase as needed
- Start small and expand BW when headroom gets low

Headroom management is important
Headroom is the percentage of free bandwidth on a circuit
- 0% (or not measuring) means you will have congestion, errors and retransmissions, which increases latency
- 20% is minimal to avoid congestion
- 33% is common
- 50% is conservative, or is used for high availability across two geographically dispersed circuits. If one fails, the other can handle the whole load short term

Connectivity Options

Customer Connection Options
[Diagram: three paths from the Customer LAN/WAN to the Microsoft Global Network: Proxy over the Public Internet; Direct (NAT/PAT); ExpressRoute]

Connecting via a proxy server

Proxy Server
- Device that (generally) sits at the egress and connects to external sources on behalf of the requestor
- Mainly configured to use two TCP connections:
  - Client to Proxy
  - Proxy to Endpoint
- Allows the Proxy to:
  - Intercept traffic
  - Inspect and change or deny requests
- Three Main Types:
  - Regular/Forward Proxy
  - Transparent Proxy
  - Reverse Proxy

Proxied Connection - Pros
- Easy to configure to get Office 365 connected
- Often existing internet access method
- Small number of IP addresses for clients to direct traffic to
- Uses known ports for easy firewall traversal
- No need to route external IP address on internal network
- No requirement for external DNS resolution for clients
- Logical barrier between clients and the internet
- Management can be offloaded to partner (e.g. a Cloud Proxy vendor)
- Easy monitoring/auditing

Proxied Connection - Cons
- Often don’t scale to meet new demand without costly upgrades
- Often were not installed/designed with SaaS services in mind
- Older proxies often struggle to deal with the long lived, high throughput connections SaaS services entail
- Older proxies generally are not designed/configured to handle UDP traffic
  - Skype traffic is therefore forced over TCP in these cases
  - Skype’s coping mechanisms for poor networks are drastically reduced when TCP is used
- Can delay frames on their way through, adding jitter and latency
- Proxies commonly alter TCP level settings, which can cause performance issues
- End result is often poor quality calls and performance

Advice for Proxy use
- Ensure the devices are scaled up to cope with SaaS services, both in terms of processing and NAT capability
- Avoid centralized proxies which can increase latency
- Ensure they are in the local region of the client (as a minimum)
- Evaluate Cloud Proxy nodes or those optimized for SaaS services
- Avoid using Skype for Business through these devices even when optimized
- Avoid unnecessary packet inspection
- Ensure all settings are checked and optimized
- Look at whether offloading key Office endpoints is possible

Work in progress to assist in this area
- Office 365 workloads consist of different major & micro services
- Identify, understand & differentiate Office 365 traffic
- Optimize high load, high transaction, latency sensitive traffic
[Diagram labels: Exchange Online, SharePoint Online and ODfB, Skype for Business, Microsoft Teams, Exchange Online Protection, Office Online, Azure Active Directory, Other Office 365 Services, CDNs, System Services, Other Microsoft Cloud Services, 3rd Party Cloud Services; Core Services and Endpoints; Auxiliary Services and Endpoints; Core Services; Customer Connectivity; # of Endpoints and Services; 95%+ of network demands]

- Trusted services are simpler to connect to and they generally perform better for users
- Office 365 - trusted service, not the Internet
- Broad and expanding set of security, privacy and compliance features
- Evaluate Office 365 security features focusing on outcomes, not implementation
- Consider the scale
- Differentiate Office 365 traffic when needed [e.g. outbound vs. inbound]
- Bypass high impact duplicate network security layers for features and outcomes provided natively by Office 365
- Check with your network/security vendor for support of automatic Office 365 traffic identification and whitelisting
Office 365 features listed on the slide: Strong encryption in transit (TLS), DDOS protection, Data Loss Prevention (DLP), Multi-Factor Authentication (MFA), Advanced Threat Protection (ATP), Customer Lock Box, Advanced Security Management, Anti-Virus, Secure Score, Threat Intelligence, Advanced Data Governance, Regional Data Residency, Conditional Access, Tenant Restrictions, Activity APIs, Customer Controlled Keys, Vulnerability Scanning, Intrusion Detection, Encryption at Rest, Zero Standing Rights, Certifications (ISO, SOC, FEDRAMP, FISMA, ..), Go-local and Sovereign Clouds, eDiscovery, Regulatory Hold, Audit Logs, Next Gen Privacy …
[Diagram labels: Trust, WAN, Level of trust, Compensating Overhead /Cost, Complexity, Latency/, O365, Generic Internet Site, Verifiably Trusted Application]

Connecting via a direct connection

Direct Connection
- Office 365 services connect directly, normally via a Dynamic NAT/PAT device on the egress
- Firewall or PAT device changes the internal IP address to a public one and may also change the source port
- Device may also ensure destination address is allowed
- Endpoint receives the request from the public IP address used for NAT/PAT

Direct Connection - Pros
- Allows direct UDP traffic so Skype can work at its best
- Generally no interference with payload at egress, meaning optimal connectivity for all services
- Allows for local egress use in most cases, meaning minimal latency
- Preferred connection method to Office 365 for most customers when ISP routing is optimal

Direct Connection – Cons
- Customers need to authorize Office 365 URLs/IPs and open required ports on all firewalls used (if controlled egress is desired)
  - These need to be constantly monitored and firewalls updated with changes, which can be a challenge in large organizations
  - Missing updates to IP ranges can cause connectivity issues
- Routing to the appropriate egress needs to be managed internally
- External DNS required for clients
- Devices need to scale to the increased connection count needed for Office 365 services

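The direct-connection cons above say firewall rules must keep tracking the published Office 365 IP ranges. The following is an added example, not part of the presentation: it compares a published range list with a firewall allow-list and reports ranges that are missing, stale, or broader than published. The function names are hypothetical and every range is constructed from documentation prefixes.

```python
import ipaddress

# Constructed sample data (RFC 5737 / RFC 3849 documentation prefixes),
# standing in for the published ranges and a firewall export.
PUBLISHED = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24", "2001:db8:1::/48"]
ALLOWLIST = ["192.0.2.0/24", "198.51.100.0/25", "203.0.113.0/24", "2001:db8::/32"]


def collapse(cidrs):
    """Parse CIDR strings and merge adjacent or nested blocks, per IP version."""
    nets = [ipaddress.ip_network(c.strip(), strict=False) for c in cidrs]
    merged = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged


def covered(net, blocks):
    """True if net lies entirely inside one block (blocks must be collapsed)."""
    return any(net.version == b.version and net.subnet_of(b) for b in blocks)


def overlaps_any(net, blocks):
    """True if net shares at least one address with any block."""
    return any(net.version == b.version and net.overlaps(b) for b in blocks)


def audit_allowlist(published, allowlist):
    """Compare published service ranges with firewall allow rules.

    missing: published ranges not fully allowed (the connectivity risk
             the slide describes when updates are missed)
    stale:   allow rules matching no published range (egress left open
             to addresses the service no longer lists)
    broader_than_published: allow rules wider than what is published
    """
    pub = collapse(published)
    rules = collapse(allowlist)
    return {
        "missing": [str(p) for p in pub if not covered(p, rules)],
        "stale": [str(r) for r in rules if not overlaps_any(r, pub)],
        "broader_than_published": [
            str(r) for r in rules
            if overlaps_any(r, pub) and not covered(r, pub)
        ],
    }


if __name__ == "__main__":
    for finding, ranges in audit_allowlist(PUBLISHED, ALLOWLIST).items():
        print(f"{finding}: {ranges}")
```

Collapsing both lists first means a published /24 that the firewall allows as two /25 rules (or the reverse) is not reported as drift.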
Work in progress to assist in this area
- All Office workloads are working to reduce IP ranges required for the services and use consolidated ranges
- Updated URL & IP page to provide data in multiple formats
- Help to allow network vendors to better consume updates automatically
- Please provide your feedback via the current URL & IP page

Connecting via ExpressRoute

ExpressRoute
- Private peering with the Microsoft network
- Extension of the managed network to the edge of the Microsoft network which avoids the internet
- Allows most Office 365 services to utilize this link to access Microsoft Datacentres
- Simply a routing override from the internet route

ExpressRoute
[Diagram labels: Customer Datacenter, Customer Network, Public Internet, ExpressRoute, Microsoft Global Network]

ExpressRoute - Pros
- 99.95% SLA for availability
- Predictable performance
- Privately managed network connection avoiding the internet for some traffic
- Better QoS availability for Skype for Business
- Some customers have a regulatory requirement for this type of connectivity

ExpressRoute - Cons
- Reliable internet connectivity is still required
- A good internet connection may give similar or better performance
- Often encourages hub and spoke model which may actually increase latency when compared to direct connection
- Higher cost of implementation, usage and maintenance
- Typically two to six months of planning required for implementation
- Highly skilled network team required
- Very high risk of connectivity problems on cutover if planning and maintenance is not done (e.g. asymmetric routes)
- Security still needs to be applied to the circuit
- Cost benefit ratio should be assessed and benefits fully understood

Choosing Egress Locations

Remote Sites Connectivity Modelling
- Egress location should be assessed based on latency and availability
- Network Assessment is advised to ascertain the optimal location
- Often may be cheaper and more efficient to upgrade local egresses rather than upgrade WAN links and centralized egress
- Cloud proxies may provide a solution for some scenarios
- Key goal is to use a managed network to get traffic to Microsoft’s global network ASAP

Controlling inbound traffic
- Some workloads initiate connections from Office 365 toward customer network
  - Transactions related to hybrid connectivity
  - Federated authentication
  - SMTP
- Traffic may be identified & allowed via published IP ranges
- Terminating SSL at network edge (reverse proxy or load balancer) generally acceptable
  - No inspection/manipulation
- Not all workloads support legacy pre-auth at network edge

Office 365 connectivity principles
- Identify and differentiate Office 365 traffic using Microsoft published endpoints data
- Egress Office 365 data connections as close to the user as practical with matching DNS resolution
- Avoid network hairpins and optimize connectivity directly into the nearest entry point into Microsoft network
- Assess bypassing proxies, traffic inspection devices and duplicate security which is available in Office 365
[Diagram labels: Head Office, Branch Office, ISP, Microsoft Network, IaaS Cloud, Internet]

Wrap up
Office 365 Connectivity
- BRK3041 Connectivity Strategy Tuesday
- BRK1005 Connectivity Implementing on Tuesday
- BRK3387 Connectivity meet-up on Friday
Workload Details Sessions
- Skype for Business BRK4004 on Thursday & BRK3029 Tues
- SharePoint Online BRK3257 on Thursday
- Exchange Online BRK4029, was on Monday
