Office 365 connectivity can be optimized by implementing a combination of approaches like network route optimization, firewall rules, browser proxy settings, and bypass of network inspection devices for certain endpoints.
Office 365 egress works well, but the optimum connectivity model is to provide network egress at the user’s location, regardless of whether this is on the corporate network or at remote locations such as homes, hotels, coffee shops and airports. This local direct egress model is represented in the diagram below.
Use the following Microsoft-recommended Office 365 connectivity principles to manage your traffic and get the best performance when connecting to Office 365.
Optimization methods
- Minimize latency by reducing the round-trip time (RTT) from your network into the Microsoft Global Network.
- Provide local Internet egress and configure internal DNS servers to provide local name resolution for Office 365 endpoints.
- Implement both local DNS and local Internet egress together.
- Shorten the network path to Office 365 entry points. Make sure users connect to Office 365 front-end servers as close as possible.
- Minimize name resolution latency by provisioning local DNS servers in branch locations and making sure they are configured to cache DNS records appropriately.
- Avoid network hairpins. A network hairpin happens when WAN or VPN traffic bound for a particular destination is first directed to another intermediate location.
- Make sure the ISP that is used to provide Internet egress for the user location has a direct peering relationship with the Microsoft Global Network in close proximity to that location.
- Configure egress routing to send trusted Office 365 traffic directly, as opposed to proxying or tunnelling through a third-party cloud or cloud-based network security vendor that processes your Internet-bound traffic.
- Bypass on-premises proxy devices and cloud-based proxy services commonly used for generic Internet browsing.
- Ensure that IP addresses returned by DNS name resolution match the routing egress path for these endpoints.
Adopt Local egress model over Traditional model
- Provides optimal Office 365 performance by optimizing route length. End user connections are dynamically routed to the nearest Office 365 entry point by the Distributed Service Front Door infrastructure.
- Reduces the load on corporate network infrastructure by allowing local egress.
- Secures connections on both ends by leveraging client endpoint security and cloud security features.
Review network security and risk reduction methods
Most enterprise networks enforce network security for Internet traffic using technologies like proxies, SSL inspection, packet inspection, and data loss prevention systems, but these methods can dramatically reduce performance, scalability and the quality of the end-user experience when applied to Office 365 endpoints.
Enterprise customers should review their network security and risk reduction methods specifically for Office 365 bound traffic and use Office 365 security features to reduce their reliance on intrusive, performance-impacting, and expensive network security technologies for Office 365 network traffic.
Optimize client
- Enable TCP window scaling, so your client device can send more data before requiring an acknowledgement. Having this disabled can have quite a performance impact on Office 365 and also any other traffic flowing through the device.
- Increase TCP idle time, so your client device can handle open connections more efficiently. Bring the SSL/TCP idle session timeout on all perimeter devices into line with each other. Ideally, create a separate rule for Office 365 traffic and increase this value to as high a value as possible, in the region of > 2 hours (as Windows will send a keep-alive by default at 2 hours).
- Set the TCP maximum segment size (MSS) to full size, so your client device can send the largest blocks of data in a packet.
- Enable TCP selective acknowledgements, so your client device can acknowledge received data more efficiently. This greatly increases the efficiency of the TCP protocol and is therefore enabled by default in Windows and most other TCP implementations. However, there can be occasions where devices disable this feature, so it’s always worth a quick check.
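One way to run the quick check mentioned above, as an added example that is not part of the original page: parse the TCP options of the same SYN captured at the client and again after a perimeter device, and report whether window scaling, SACK or a full-size MSS has been lost in between. The function names, the constructed sample headers and the 1500-byte IPv4 MTU are assumptions made for this sketch.

```python
import struct

OPT_EOL, OPT_NOP, OPT_MSS, OPT_WSCALE, OPT_SACK_OK = 0, 1, 2, 3, 4  # TCP option kinds

def parse_syn_options(tcp: bytes) -> dict:
    """Extract MSS, window-scale shift and SACK-permitted from a raw TCP header."""
    end = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0   # data offset, in bytes
    if end < 20 or end > len(tcp):
        raise ValueError("truncated or malformed TCP header")
    opts, i = tcp[20:end], 0
    found = {"mss": None, "wscale": None, "sack_permitted": False}
    while i < len(opts) and opts[i] != OPT_EOL:
        kind = opts[i]
        if kind == OPT_NOP:               # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        body = opts[i + 2:i + length]
        if kind == OPT_MSS and length == 4:
            found["mss"] = struct.unpack("!H", body)[0]
        elif kind == OPT_WSCALE and length == 3:
            found["wscale"] = body[0]
        elif kind == OPT_SACK_OK and length == 2:
            found["sack_permitted"] = True
        i += length
    return found

def audit_syn(tcp: bytes, mtu: int = 1500) -> list:
    """Return findings for one SYN; mtu=1500 over IPv4 is an assumption."""
    o, full_mss = parse_syn_options(tcp), mtu - 40   # 20 B IPv4 + 20 B TCP
    findings = []
    if o["wscale"] is None:
        findings.append("window scaling not offered")
    if not o["sack_permitted"]:
        findings.append("SACK not permitted")
    if o["mss"] is None or o["mss"] < full_mss:
        findings.append(f"MSS {o['mss']} below full size {full_mss}")
    return findings

def build_syn(options: bytes) -> bytes:   # constructed sample SYN, not captured traffic
    options += b"\x00" * (-len(options) % 4)          # pad to a 32-bit boundary
    return struct.pack("!HHIIBBHHH", 50000, 443, 1, 0,
                       (20 + len(options)) // 4 << 4, 0x02, 64240, 0, 0) + options

CLIENT_SYN = build_syn(bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 8, 1, 1, 4, 2]))  # as sent
EGRESS_SYN = build_syn(bytes([2, 4, 0x05, 0x50]))  # same SYN seen after a perimeter device
```

An empty list from `audit_syn(CLIENT_SYN)` next to findings from `audit_syn(EGRESS_SYN)` points at a device on the path, not the client, as the place where the options are being removed.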
Reduce Bandwidth Constraints during migration
- Reduce mailbox sizes. Smaller mailbox size improves migration speed.
- Use the mailbox move capabilities with an Exchange hybrid deployment.
- Schedule mailbox moves to occur during periods of low Internet traffic and low on-premises Exchange use.
- Use lean popouts for Outlook on the web. Lean popouts provide smaller, less memory-intensive versions of certain email messages in Microsoft Edge or Internet Explorer by rendering some components on the server.