This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.
Microsoft 365 is a distributed Software-as-a-Service (SaaS) cloud that provides productivity and collaboration scenarios through a diverse set of micro-services and applications. Client components of Microsoft 365 such as Outlook, Word and PowerPoint run on user computers and connect to other components of Microsoft 365 that run in Microsoft datacenters. The most significant factor that determines the quality of the Microsoft 365 end user experience is network reliability and low latency between Microsoft 365 clients and Microsoft 365 service front doors.
In this article, you will learn about the goals of Microsoft 365 networking, and why Microsoft 365 networking requires a different approach to optimization than generic Internet traffic.
Microsoft 365 networking goals
The ultimate goal of Microsoft 365 networking is to optimize the end user experience by enabling the least restrictive access between clients and the closest Microsoft 365 endpoints. The quality of end user experience is directly related to the performance and responsiveness of the application that the user is using. For example, Microsoft Teams relies on low latency so that user phone calls, conferences and shared screen collaborations are glitch-free, and Outlook relies on great networking connectivity for instant search features that leverage server-side indexing and AI capabilities.
The primary goal in the network design should be to minimize latency by reducing the round-trip time (RTT) from client machines to the Microsoft Global Network, Microsoft's public network backbone that interconnects all of Microsoft's datacenters with low latency, high availability cloud application entry points spread around the world. You can learn more about the Microsoft Global Network at How Microsoft builds its fast and reliable global network.
Optimizing Microsoft 365 network performance doesn't need to be complicated. You can get the best possible performance by following a few key principles:
- Identify Microsoft 365 network traffic
- Allow local branch egress of Microsoft 365 network traffic to the internet from each location where users connect to Microsoft 365
- Allow Microsoft 365 traffic to bypass proxies and packet inspection devices
For more information on Microsoft 365 network connectivity principles, see Microsoft 365 Network Connectivity Principles.
Traditional network architectures and SaaS
Traditional network architecture principles for client/server workloads are designed around the assumption that traffic between clients and endpoints does not extend outside the corporate network perimeter. Also, in many enterprise networks, all outbound Internet connections traverse the corporate network, and egress from a central location.
In traditional network architectures, higher latency for generic Internet traffic is a necessary tradeoff in order to maintain network perimeter security, and performance optimization for Internet traffic typically involves upgrading or scaling out the equipment at network egress points. However, this approach does not address the requirements for optimum network performance of SaaS services such as Microsoft 365.
Identifying Microsoft 365 network traffic
We're making it easier to identify Microsoft 365 network traffic and making it simpler to manage the network identification.
- New categories of network endpoints that differentiate highly critical network traffic from network traffic that is not affected by Internet latency. There are just a handful of URLs and supporting IP addresses in the most critical "Optimize" category.
- Web services for script usage or direct device configuration and change management of Microsoft 365 network identification. Changes are available from the web service, in RSS format, or by email using a Microsoft Flow template.
- Office 365 Network partner program with Microsoft partners who provide devices or services that follow Microsoft 365 network connectivity principles and have simple configuration.
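To make the "identify, then egress locally and bypass the proxy" principles concrete, here is an added Python example (not Microsoft's code) that consumes a response in the shape of the Office 365 IP Address and URL web service mentioned above and derives a proxy-bypass list and direct-egress allow rules for the Optimize category only. The entries below are a constructed sample using documentation address ranges; the web service URL and JSON field names are assumed from its published format.

```python
import json
from ipaddress import ip_network

# Constructed sample in the shape returned by the Office 365 IP Address and URL
# web service (https://endpoints.office.com/endpoints/worldwide?clientrequestid=<GUID>).
# The ids, hostnames and prefixes (RFC 5737/3849 documentation ranges) are
# illustrative only, not a live download.
SAMPLE_ENDPOINTS = json.loads("""
[
  {"id": 1, "serviceArea": "Exchange", "category": "Optimize", "required": true,
   "urls": ["outlook.office.com", "outlook.office365.com"],
   "ips": ["192.0.2.0/24", "2001:db8:1::/48"], "tcpPorts": "443"},
  {"id": 11, "serviceArea": "Skype", "category": "Optimize", "required": true,
   "ips": ["198.51.100.0/24"], "udpPorts": "3478,3479,3480,3481"},
  {"id": 31, "serviceArea": "Sharepoint", "category": "Allow", "required": true,
   "urls": ["*.sharepoint.com"], "ips": ["203.0.113.0/24"], "tcpPorts": "80,443"},
  {"id": 46, "serviceArea": "Common", "category": "Default", "required": false,
   "urls": ["*.office.com"], "tcpPorts": "80,443"}
]
""")

def select(entries, categories=("Optimize",), required_only=True):
    """Keep only entries in the wanted categories (and, by default, only required ones)."""
    return [e for e in entries
            if e.get("category") in categories
            and (e.get("required", False) or not required_only)]

def proxy_bypass_list(entries):
    """Hostnames (wildcards kept) that should go DIRECT instead of through the proxy."""
    hosts = set()
    for e in entries:
        hosts.update(e.get("urls", []))
    return sorted(hosts)

def firewall_rules(entries):
    """Flatten entries into (prefix, protocol, port) tuples for local-egress allow rules."""
    rules = []
    for e in entries:
        for prefix in e.get("ips", []):
            net = ip_network(prefix)  # raises ValueError on a malformed prefix
            for proto, key in (("tcp", "tcpPorts"), ("udp", "udpPorts")):
                for port in e.get(key, "").split(","):
                    if port:
                        rules.append((str(net), proto, int(port)))
    return sorted(set(rules))

def pac_bypass_expression(hosts):
    """Build the shExpMatch() condition of a PAC file that sends these hosts DIRECT."""
    return " || ".join(f'shExpMatch(host, "{h}")' for h in hosts)
```

Restricting the generated rules to required Optimize entries is what keeps the bypass list small; everything else stays on the existing inspection path.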
Securing Microsoft 365 connections
The goal of traditional network security is to harden the corporate network perimeter against intrusion and malicious exploits. Most enterprise networks enforce network security for Internet traffic using technologies like proxy servers, firewalls, SSL break and inspect, deep packet inspection, and data loss prevention systems. These technologies provide important risk mitigation for generic Internet requests but can dramatically reduce performance, scalability, and the quality of end user experience when applied to Microsoft 365 endpoints.
Microsoft 365 helps meet your organization's needs for content security and data usage compliance with built-in security and governance features designed specifically for Microsoft 365 features and workloads. For more information about Microsoft 365 security and compliance, see the Office 365 security roadmap. For more information about Microsoft’s recommendations and support position on advanced network solutions that perform advanced-level processing on Microsoft 365 traffic, see Using third-party network devices or solutions on Office 365 traffic.
Why is Microsoft 365 networking different?
Microsoft 365 is designed for optimal performance using endpoint security and encrypted network connections, reducing the need for perimeter security enforcement. Microsoft 365 datacenters are located across the world, and the service is designed to use various methods for connecting clients to the best available service endpoints. Since user data and processing are distributed across many Microsoft datacenters, there is no single network endpoint to which client machines can connect. In fact, data and services in your Microsoft 365 tenant are dynamically optimized by the Microsoft Global Network to adapt to the geographic locations from which end users access them.
Certain common performance issues are created when Microsoft 365 traffic is subject to packet inspection and centralized egress:
- High latency can cause extremely poor performance of video and audio streams, and slow response of data retrieval, searches, real-time collaboration, calendar free/busy information, in-product content and other services
- Egressing connections from a central location defeats the dynamic routing capabilities of the Microsoft 365 global network, adding latency and round-trip time
- Decrypting SSL-secured Microsoft 365 network traffic and re-encrypting it can cause protocol errors and introduces security risk
Shortening the network path to Microsoft 365 entry points by allowing client traffic to egress as close as possible to their geographic location can improve connectivity performance and the end user experience in Microsoft 365. It can also help to reduce the impact of future changes to the network architecture on Microsoft 365 performance and reliability. The optimum connectivity model is to always provide network egress at the user's location, regardless of whether this is on the corporate network or remote locations such as home, hotels, coffee shops and airports. Generic Internet traffic and WAN based corporate network traffic would be separately routed and not use the local direct egress model. This local direct egress model is represented in the diagram below.
The local egress architecture has the following benefits for Microsoft 365 network traffic over the traditional model:
- Provides optimal Microsoft 365 performance by optimizing route length. End user connections are dynamically routed to the nearest Microsoft 365 entry point by the Microsoft Global Network's Distributed Service Front Door infrastructure, and traffic is then routed internally to data and service endpoints over Microsoft's ultra-low latency high availability fiber.
- Reduces the load on corporate network infrastructure by allowing local egress for Microsoft 365 traffic, bypassing proxies and traffic inspection devices.
- Secures connections on both ends by leveraging client endpoint security and cloud security features, avoiding application of redundant network security technologies.
Note
The Distributed Service Front Door infrastructure is the Microsoft Global Network's highly available and scalable network edge with geographically distributed locations. It terminates end user connections and efficiently routes them within the Microsoft Global Network. You can learn more about the Microsoft Global Network at How Microsoft builds its fast and reliable global network.
For more information on understanding and applying Microsoft 365 network connectivity principles, see Microsoft 365 Network Connectivity Principles.
Conclusion
Optimizing Microsoft 365 network performance really comes down to removing unnecessary impediments. By treating Microsoft 365 connections as trusted traffic, you can prevent latency from being introduced by packet inspection and competition for proxy bandwidth. Allowing local connections between client machines and Office 365 endpoints enables traffic to be dynamically routed through the Microsoft Global Network.
This topic provides a description of recommended values that impact network performance.
Important
During performance testing completed for this guide, it was observed that Windows Server 2008 appears to be tuned by default. Modify registry settings only after a careful analysis of the effects on the system.
Adjust the MaxUserPort and TcpTimedWaitDelay settings
The MaxUserPort value controls the maximum port number used when an application requests any available user port from the system. Normally, short-lived (ephemeral) ports are allocated in the range from 1025 through 65535. The dynamic port range is defined by a start port and a count of ports: the default start port is 49152, and the default end port is 65535. This range is in addition to the well-known ports that are used by services and by applications. The port range used by the servers can be modified on each server. You adjust this range by using the netsh command, as follows:
netsh int <ipv4|ipv6> set dynamicport <tcp|udp> start=number num=range
This command sets the dynamic port range for the given protocol. The start port is number, and the total number of ports is range. For example, to increase the range to the maximum allowed value for TCP over IPv4, use the following command:
netsh int ipv4 set dynamicport tcp start=1025 num=64511
You can view the current dynamic port range by using the following netsh commands:
netsh int ipv4 show dynamicport tcp
netsh int ipv4 show dynamicport udp
netsh int ipv6 show dynamicport tcp
netsh int ipv6 show dynamicport udp
The TcpTimedWaitDelay value determines the length of time that a connection stays in the TIME_WAIT state when being closed. While a connection is in the TIME_WAIT state, the socket pair cannot be reused. This is also known as the 2MSL state because the value should be twice the maximum segment lifetime on the network. For more information, see Internet RFC 793 (https://go.microsoft.com/fwlink/?LinkId=113719). To adjust the TcpTimedWaitDelay setting, you have to modify the registry setting listed below:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value: TcpTimedWaitDelay
Data Type: REG_DWORD
Range:
  Windows Server 2012 and earlier: 30-300 (decimal)
  Windows 8 and earlier: 30-300 (decimal)
  Windows Server 2012 R2 and later: 2-300 (decimal)
  Windows 8.1 and later: 2-300 (decimal)
Default value: 0x78 (120 decimal)
Recommended value: 30
Value exists by default? No, needs to be added.
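The two settings above interact: every outbound connection that the server closes holds its ephemeral port for TcpTimedWaitDelay seconds, so the number of dynamic ports divided by that delay bounds the rate of new connections to a single remote address and port. Added example (not from the original guide) that parses constructed `netsh int ipv4 show dynamicport tcp` output and computes that bound for the default values and for the tuned values recommended above.

```python
import re

# Constructed sample of `netsh int ipv4 show dynamicport tcp` output showing the
# default Windows dynamic port range (start 49152, 16384 ports).
SAMPLE_NETSH_OUTPUT = """
Protocol tcp Dynamic Port Range
---------------------------------
Start Port      : 49152
Number of Ports : 16384
"""

def parse_dynamic_port_range(text):
    """Return (start, num) parsed from netsh 'show dynamicport' output.

    Raises ValueError if the text is unrecognised or the range falls outside
    the 1025-65535 user port space described in the guide."""
    start = re.search(r"Start Port\s*:\s*(\d+)", text)
    num = re.search(r"Number of Ports\s*:\s*(\d+)", text)
    if not (start and num):
        raise ValueError("unrecognised netsh output")
    start, num = int(start.group(1)), int(num.group(1))
    if start < 1025 or start + num - 1 > 65535:
        raise ValueError(f"range {start}-{start + num - 1} is outside 1025-65535")
    return start, num

def sustainable_connection_rate(num_ports, timed_wait_delay_s):
    """Connections per second to one remote address:port that the server can
    open (and close first) before the pool is exhausted by TIME_WAIT sockets."""
    return num_ports / timed_wait_delay_s

def port_budget_report(netsh_output, timed_wait_delay_s=120):
    """Summarise the configured range and the resulting TIME_WAIT-bound rate."""
    start, num = parse_dynamic_port_range(netsh_output)
    return {
        "start": start,
        "end": start + num - 1,
        "num": num,
        "timed_wait_delay_s": timed_wait_delay_s,
        "max_conn_per_s": sustainable_connection_rate(num, timed_wait_delay_s),
    }
```

With the defaults (16384 ports, 120 s) the bound is roughly 136 connections per second per remote socket; with start=1025 num=64511 and TcpTimedWaitDelay=30 it rises to roughly 2150.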