Azure ExpressRoute for Office 365
Learn how Azure ExpressRoute is used with Office 365 and how to plan the network implementation project that will be required if you are deploying Azure ExpressRoute for use with Office 365. Infrastructure and platform services running in Azure will often benefit by addressing network architecture and performance considerations. We recommend ExpressRoute for Azure in these cases. Software as a Service offerings like Office 365 and Dynamics 365 have been built to be accessed securely and reliably via the Internet. Accordingly, we only recommend ExpressRoute for these applications in specific scenarios. You can read about Internet performance and security and when you might consider Azure ExpressRoute for Office 365 in the article Network connectivity to Office 365.
Starting July 31st, 2017, you can enable Microsoft Peering directly from the Azure Administrative console or using PowerShell. After enabling Microsoft Peering, you can create route filters to receive specific BGP route advertisements. You'll need authorization to create filters for Office 365 and can create Dynamics 365 Customer Engagement applications (formerly known as CRM Online) filters at any time. Talk to your Microsoft Account team about the process to obtain authorization to create Office 365 route filters. Unauthorized subscriptions trying to create route filters for Office 365 will receive an error message
You can now add a direct network connection to Office 365 for selected Office 365 network traffic. Azure ExpressRoute offers a direct connection, predictable performance, and comes with an uptime SLA of 99.95% for the Microsoft networking components. You'll still require an internet connection for services that aren't supported over Azure ExpressRoute.
Planning Azure ExpressRoute for Office 365
In addition to internet connectivity, you may choose to route a subset of their Office 365 network traffic over a direct connection that offers predictability and a 99.95% uptime SLA for the Microsoft networking components. Azure ExpressRoute provides you with this dedicated network connection to Office 365 and other Microsoft cloud services.
Regardless of whether you have an existing MPLS WAN, ExpressRoute can be added to your network architecture in one of three ways; through a supported cloud exchange co-location provider, an Ethernet point-to-point connection provider, or through an MPLS connection provider. See what providers are available in your region. The direct ExpressRoute connection will enable connectivity to the applications outlined in What Office 365 services are included? below. Network traffic for all other applications and services will continue to traverse the internet.
Consider the following high level network diagram which shows a typical Office 365 customer connecting to Microsoft's datacenters over the internet for access to all Microsoft applications such as Office 365, Windows Update, and TechNet. Customers use a similar network path regardless of whether they're connecting from an on-premises network or from an independent internet connection.
Now look at the updated diagram which depicts an Office 365 customer who uses both the internet and ExpressRoute to connect to Office 365. Notice that some connections such as Public DNS and Content Delivery Network nodes still require the public internet connection. Also notice the customer's users who are not located in their ExpressRoute connected building are connecting over the Internet.
Still want more information? Learn how to manage your network traffic with Azure ExpressRoute for Office 365 and learn how to configure Azure ExpressRoute for Office 365. We've also recorded a 10 part Azure ExpressRoute for Office 365 Training series on Channel 9 to help explain the concepts more thoroughly.
What Office 365 services are included?
The following table lists the Office 365 services that are supported over ExpressRoute. Please review the Office 365 endpoints article to understand which network requests for these applications require internet connectivity.
Exchange Online Protection1
|Skype for Business Online1
OneDrive for Business1
|Portal and shared1
Azure Active Directory1
1Each of these applications have internet connectivity requirements not supported over ExpressRoute, see the Office 365 endpoints article for more information.
The services that aren't included with ExpressRoute for Office 365 are Office 365 ProPlus client downloads, On-premises Identity Provider Sign-In, and Office 365 (operated by 21 Vianet) service in China.
Implementing ExpressRoute for Office 365
Implementing ExpressRoute requires the involvement of network and application owners and requires careful planning to determine the new network routing architecture, bandwidth requirements, where security will be implemented, high availability, and so on. To implement ExpressRoute, you'll need to:
Fully understand the need ExpressRoute satisfies in your Office 365 connectivity planning. Understand what applications will use the internet or ExpressRoute and fully plan your network capacity, security, and high availability needs in the context of using both the internet and ExpressRoute for Office 365 traffic.
Determine the egress and peering locations for both internet and ExpressRoute traffic1.
Determine the capacity required on the internet and ExpressRoute connections.
Have a plan in place for implementing security and other standard perimeter controls1.
Have a valid Microsoft Azure account to subscribe to ExpressRoute.
Select a connectivity model and an approved provider. Keep in mind, customers can select multiple connectivity models or partners and the partner doesn't need to be the same as your existing network provider.
Validate deployment prior to directing traffic to ExpressRoute.
Optionally implement QoS and evaluate regional expansion.
1Important performance considerations. Decisions here can dramatically impact latency which is a critical for applications such as Skype for Business.
To purchase ExpressRoute for Office 365, you'll need to work with one or more approved providers to provision the desired number and size circuits with an ExpressRoute Premium subscription. There are no additional licenses to purchase from Office 365.
Here's a short link you can use to come back: https://aka.ms/expressrouteoffice365
Ready to sign-up for ExpressRoute for Office 365?