- Subscription tenancy automatically creates ONMICROSOFT.COM domain.
- - Format: {Name}.onmicrosoft.com.
- Name cannot be changed/removed and remains for the course of the subscription.
- Supports up to 900 domains for 1 subscription – separate or subdomains
- Configure tenancy with custom domain name to use as primary email suffix
- - i.e. admin@fugazi.com instead of admin@fugazi.onmicrosoft.com
- Use existing domain or purchase domain from within M365 but then limited to:
- - com, net, org, co.uk, biz, me, info, mobi, tv, org.uk domains
- DNS servers used by domain must support following record types:
- - CNAME - multiple CNAME records in zone used by Skype for business
- - SPF/TXT - Sender Policy Framework record to combat unsolicited email; TXT record also used to verify domain ownership
- - SRV - Skype for business Online IM using OWA and federation
- - MX - Route email to Exchange Online servers
- M365 shifts model from protected internal networks to public locations in cloud
- Clients need to establish unauthenticated connections over Port 80/443 to M365 servers
- - Clients configured in APIPA range cannot connect to M365 services (no internet access)
- - Clients need to be configured with default gateway to route traffic to internet
- - Clients require firewalls configured to allow access to certain M365 endpoints
- - M365 will not function if proxy server requires authentication for connections
- Network design should minimize latency by reducing round-trip time from network into MS Global Network
- - MS Global Network is the backbone connecting MS data centers with low latency and cloud application entry points around the world.
- Best user experience achieved by allowing network to route user requests to closest M365 service entry point, rather than connecting through an egress point in a central location or region (i.e. not necessarily geographic location of tenant where data stored).
- Enterprise networks enforce network security for Internet traffic using technologies like proxies, SSL inspection, packet inspection, and data loss prevention systems. These provide risk mitigation for generic Internet requests but can reduce performance, scalability and quality of end user experience when applied to Microsoft 365 endpoints.
- M365 endpoint is URL or IP address that hosts M365 service
- Connectivity can be optimized by network route optimization, firewall rules, browser proxy settings, and bypass of network inspection devices for certain endpoints.
- Each MS endpoint is categorized to focus optimization efforts:
- OPTIMISE:
- - Endpoints required for connectivity to every M365 service; 75% of all M365 traffic
- - Most sensitive to network performance, latency & availability
- - Small set of URLs/IP subnets for core services, i.e. Exchange, Skype, SharePoint, Teams Online etc.
- ALLOW:
- - Endpoints required for connectivity to every M365 service BUT less sensitive to network performance
- DEFAULT:
- - Don’t require any specific optimization; treated same as other internet traffic
- Subscribe to Endpoint web service for current list of endpoints and update firewall configurations as it changes
- PAC (Proxy Automatic Configuration)
- Scripts used to bypass proxies for M365 requests from WAN/VPN users for direct internet connections
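Added example (not from the original notes) tying the endpoint categories, the endpoint web service and the PAC bypass together: it takes a constructed sample in the shape of the Office 365 endpoint web service JSON (the live list comes from endpoints.office.com with a fresh clientrequestid GUID and changes over time), builds firewall allow-rules for required Optimize/Allow endpoints only, and emits a PAC script that sends Optimize hosts DIRECT and everything else to an assumed proxy (proxy.corp.example:8080 is a placeholder). IP ranges are documentation prefixes, not real M365 addresses.

```python
import json
from collections import defaultdict

# Constructed sample shaped like Office 365 endpoint web service records
# (endpoints.office.com); IPs are RFC 5737/3849 documentation prefixes.
SAMPLE_ENDPOINTS_JSON = """[
 {"id": 1, "serviceArea": "Exchange", "urls": ["outlook.office365.com"],
  "ips": ["192.0.2.0/24", "2001:db8::/32"], "tcpPorts": "80,443",
  "category": "Optimize", "required": true},
 {"id": 2, "serviceArea": "SharePoint", "urls": ["*.sharepoint.com"],
  "ips": ["198.51.100.0/24"], "tcpPorts": "80,443", "category": "Optimize", "required": true},
 {"id": 3, "serviceArea": "Exchange", "urls": ["*.protection.outlook.com"],
  "ips": ["203.0.113.0/24"], "tcpPorts": "443", "category": "Allow", "required": true},
 {"id": 4, "serviceArea": "Common", "urls": ["*.office.com"], "tcpPorts": "80,443",
  "category": "Default", "required": true},
 {"id": 5, "serviceArea": "Skype", "urls": ["*.lync.com"], "ips": ["203.0.113.128/25"],
  "tcpPorts": "443", "category": "Allow", "required": false}
]"""

def load_endpoints(raw):
    return json.loads(raw)

def by_category(endpoints):
    """Group records into the three categories: Optimize, Allow, Default."""
    groups = defaultdict(list)
    for rec in endpoints:
        groups[rec["category"]].append(rec)
    return dict(groups)

def firewall_rules(endpoints, categories=("Optimize", "Allow")):
    """(prefix, tcp_port) allow-rules for *required* Optimize/Allow endpoints only;
    Default traffic rides the normal internet path, optional entries are skipped."""
    rules = set()
    for rec in endpoints:
        if rec["category"] not in categories or not rec.get("required", False):
            continue
        for prefix in rec.get("ips", []):
            for port in filter(None, rec.get("tcpPorts", "").split(",")):
                rules.add((prefix, int(port)))
    return sorted(rules)

def pac_script(endpoints, proxy="PROXY proxy.corp.example:8080"):  # placeholder proxy
    """PAC: Optimize hosts go DIRECT (no proxy/inspection), all else via proxy."""
    hosts = sorted({u for r in endpoints if r["category"] == "Optimize"
                    for u in r.get("urls", [])})
    tests = " || ".join(f'shExpMatch(host, "{h}")' for h in hosts)
    return (f"function FindProxyForURL(url, host) {{\n"
            f'  if ({tests}) {{ return "DIRECT"; }}\n'
            f'  return "{proxy}";\n}}\n')
```

Re-run against a fresh download whenever the endpoint list changes, since stale allow-lists and PAC files are the usual cause of Optimize traffic silently falling back to the proxy path.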