Many large organisations employ proxies to control internet access and cache web content but this can cause major issues with the way Outlook and Lync connect to Office 365. Microsoft recommend bypassing proxies wherever possible with Office365 and here are the reasons why you should do this..
- All content is encrypted so no traffic analysis can be performed
- As content is encrypted, no caching can be utilized to increase performance
- A minimum of 2 connections for Outlook and 5 for Lync are required per user which can increase if shared or delegated mailboxes are accessed, this can put massive strain on existing proxy servers when migrating to Office 365 from an on premise based messaging system
- As the TCP connections to Office 365 are persistent, any issue that may cause your proxy to restart will disconnect the Outlook / Lync connection of every user.
Bypassing proxy servers for connections to office 365 can be achieved in a number of ways – Proxy Auto-Config (PAC) files can be used in the web browser to set bypass urls – more info here or the proxy server itself can be configured to go direct without authentication.
As Outlook reads proxy information from Internet Explorer, the best way to achieve this is to use PAC files to push Office 365 traffic away from the proxy servers but this can be problematic as many proxy servers are setup at the network’s edge and are the only way out of the LAN for network clients so additional infrastructure may be required.
If using PAC files isn’t an option – as a minimum the Office 365 and IPs should be configured on the proxy server to go direct without authentication but be aware that 2 connections per client as a minimum are required for basic connectivity of a single mailbox and significantly more if shared mailboxes delegated mailboxes are in use.
Recently Microsoft changed the guidance on which URLs are required to connect to Office 365, especially if you’re based in the UK. It used to be the case that only EMEA servers were required to connect but now you should open up the entire global suite of URLs / IP ranges.
You can research these IPs and URLs online.
Close attention should be paid to exactly how clients will connect when deploying Office 365 as latency and connection failures may occur that will severely affect user experience.