“Is ExpressRoute for me?” seems to be a recurrent question these days. And from Office 365 standpoint, the answer is probably not for the clear majority of customer asking that question. I will tell you why: Simply put, Office 365 is designed to work via the internet. Securely and reliably. Moreover, many of the services require some level of Internet connectivity and none will work exclusively with ExpressRoute (with no Internet at all) as you can read at the Office 365 endpoints article.
Of course, there are few situations where ExpressRoute makes sense, but they don’t come across very often. Before you ask, those situations usually involve regulatory requirements. And even in those cases, you must perform a complete network assessment before going down the ExpressRoute way. Ask your account team, your FastTrack team… any of us, and we will point you in the right direction.
If you think about how users connect to Office 365, it is a truly distributed application, with endpoints all around the world. I wrote an article about getting your DNS right that discusses this topic. It is directly related to the case here: We will do our best to make sure you access our services in the fastest way, pointing you to the closest Office 365 endpoint, no matter where you are. Using dedicated network circuits makes it more likely that you would have to back haul traffic across a WAN before connecting to that circuit. That back haul adds latency and single circuits cause single points of failure. It’s better on both counts to have cheap local ISP connections that are closer to the user and route network traffic more directly to Office 365 network endpoints. The goal is to minimize network latency and reduce the round-trip time (RTT) from your network to Microsoft’s global network. You can read more about optimal network architecture and Office 365 Network Connectivity Principles.
Other common questions/arguments
I don’t want any traffic to go through the Internet because I don’t feel it is safe.
Ok, Internet can be a dark place. But not if you don’t go to the dark places. All the Office 365 traffic is encrypted as well as the data at rest. That means people won’t be able to eavesdrop your conversation.
You should evaluate your own security risks, but if you think about it, those risks are usually not related to the network, but with weak passwords, compromised workstations, social engineering… Those are the same risks, whether your data is sitting on Office 365 or on an on-premises server.
Maybe we should shift the risk conversation to a broader discussion, including identity (how your users authenticate), devices (compliant and secure devices) and data protection (DLP, information protection, retention).
We have a lot of great content that may clarify several of the security questions at Office 365 Trust Center. Check it out!
The Internet is unpredictable and can hurt performance
Keep in mind that our network counts with points of presence scattered all around the globe. Most of the concerns regarding Internet backbone can be solved with correct DNS configuration, as pointed out at the “But why, why?” section.
Also, performance issues are not always related to the network. For instance, if you use Outlook in cached mode you most likely will experience a superior performance compared to users in online mode. Or the proxy… those guys can hurt you if not properly sized/configured. You should really consider not using proxies for "Optimize" category network endpoints (see https://aka.ms/proxytips and http://aka.ms/o365endpoints).
If you still have doubts, you can start with a network assessment. Then a pilot with a representative group of users. And then you use the data collected to perform course corrections if necessary. We can help you with the network assessment via Premier, Microsoft Consulting or our partners.
I just don’t have enough bandwidth
That might be true. But if you think it through, you will conclude that ExpressRoute have costs that can outweigh investments in Internet connectivity with the same (or better) intended results.
So, the options are hiring ExpressRoute or upgrading your Internet links. I personally recommend you comparing the costs. If you are considering ExpressRoute due to limited bandwidth, you will see that there are better options.
What about latency?
You are using Skype for video/audio conferences, right? Because that is the kind of questions Skype and PBX admins ask. If that’s the case, you are also thinking jitter and packet loss, am I right?
Going backwards, you should not see packet loss if you have enough bandwidth. That’s an easy one.
Better Internet connections can also help with jitter, but you should also lookout for firewall and routers capacity. Poor network devices performance will hurt the same way if you use ExpressRoute. And, please, don’t use proxies for media in Teams/Skype.
High latency can be a product of your network pipeline, the distance from the network… You should take that into consideration as well.
Yeah, but I still think ExpressRoute can help me
If you are still not convinced, check the scenarios where ExpressRoute may be considered:
- Situations where you believe that a direct network connection to Microsoft can help you meet regulatory requirements for some Office 365 services.
- Your Internet egress topology does not meet the requirements and best practices for Office 365 Exchange, SharePoint or Skype for Business and cannot be tuned, changed, or scaled to support those in the future, while a specific network design based on ExpressRoute peering overcomes such constrains.
- Office 365 performance is impacted by network deficiencies that ExpressRoute can address. It is important to clearly understand the root cause for any performance issue (for example, by performing a network assessment), and subsequently confirm that the ExpressRoute network design will remediate that issue.
If one of the three scenarios above describes your environment, contact your account team and start working on a network assessment. Then you have everything you need to reach a final decision.
Summing it up
If you simply want a secure, stable, and performant connection to Office 365, you don’t need ExpressRoute. Office 365 is built upon Microsoft Datacenter’s network which has points of presence in all the continents but Antarctica, that can take you to your data with the best performance.
However, you are on one of the three scenarios we say ExpressRoute can help you, please work on the network assessment and with your account team at Microsoft to start the process with us.
The Office 365 networking product group would like to learn about your networking challenges with Office 365 connectivity. Please comment on this blog to start a conversation.
- Strategies for building effective, optimal and future proof connectivity that will delight your users
- Implementing a modern network architecture to get the most out of Office 365