cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Peering with ExpressRoute (Transitioning to from Public Peering)

HB2019-
Copper Contributor

‎Apr 01 2019 07:56 AM

‎Apr 01 2019 07:56 AM

Microsoft Peering with ExpressRoute (Transitioning to from Public Peering)

Azure public peering has been deprecated, as is not available for new ExpressRoute circuits. New Circuits support Microsoft peering and private peering. Public peering has been disabled on new ExpressRoute circuits. Azure services are available on Microsoft peering.

 

The issue is our DR environment hosted in Azure Site Recovery uses an ExpressRoute circuit that is configured with Microsoft peering. However, Azure AD pass through authentication does not seem to wrok in Azure. Do we need an ExpressRoute premium connector to support this? please help

 

 

4,858 Views
0 Likes
9 Replies
Reply
9 Replies
Hannes_LG

‎Apr 01 2019 10:20 AM

‎Apr 01 2019 10:20 AM

Re: Microsoft Peering with ExpressRoute (Transitioning to from Public Peering)

Hi,

I don‘t here/see about any issues with ExpressRoute and AD pass through authentication.
Do you have any express route filters configured?
0 Likes
Reply
HB2019-

‎Apr 01 2019 10:32 AM - edited ‎Apr 01 2019 10:33 AM

‎Apr 01 2019 10:32 AM - edited ‎Apr 01 2019 10:33 AM

Re: Microsoft Peering with ExpressRoute (Transitioning to from Public Peering)

@Hannes_LG Do you have Other Office 365 services enabled for the BGP filter? I requested this from MS but still dont have approval. Can you confirm that is what you need to get that working?

0 Likes
Reply
Hannes_LG

‎Apr 01 2019 10:44 AM

‎Apr 01 2019 10:44 AM

Re: Microsoft Peering with ExpressRoute (Transitioning to from Public Peering)

Hi,
I had many customer engagements in the past where we use the Microsoft peering for Office365.
We always had many troubles after we enable the service, that’s the reason why Microsoft disable that feature per default.
For my point of view Office365 over express route make sense if you use Skype voice because you can use QoS.
I don’t think that’s your issue. Do you see any connection issues in AzureAD (Pass through Authentication)
0 Likes
Reply
HB2019-

‎Apr 01 2019 11:31 AM

‎Apr 01 2019 11:31 AM

Re: Microsoft Peering with ExpressRoute (Transitioning to from Public Peering)

We need Azure AD pass through authentication working in Azure. But my question is does ti require Express route premium?

When you say its working for you, do you have it working with ExpressRoute non-premium?
0 Likes
Reply
Hannes_LG

‎Apr 01 2019 12:22 PM

‎Apr 01 2019 12:22 PM

Re: Microsoft Peering with ExpressRoute (Transitioning to from Public Peering)

Hi,
If you want to route Azure AD traffic (Pass Through) over Microsoft peering you have to enable „Other Office 365 Services“ at the route filter.
I don‘t know if that requires the premium ADD-On but the questions are:
1.) How many Office 365 seats do you have?
If you have at least 500 seats the premium Add-On is free (https://docs.microsoft.com/en-us/skypeforbusiness/optimizing-your-network/media-quality-and-network-...)
2.) Why it’s so important to route the Azure AD pass through authentication over the express route?

Hope that helps.
0 Likes
Reply
HB2019-

‎Apr 01 2019 03:05 PM

‎Apr 01 2019 03:05 PM

Re: Microsoft Peering with ExpressRoute (Transitioning to from Public Peering)

@Hannes_LG I have no option but to use Microsoft Peering. The public peering model has been deprecated 

0 Likes
Reply
Hannes_LG

‎Apr 01 2019 10:29 PM

‎Apr 01 2019 10:29 PM

Re: Microsoft Peering with ExpressRoute (Transitioning to from Public Peering)

Hi,

where is the Problem? If you can’t use the Microsoft peering, Azure AD pass through Authentication works over the Internet. Open the required ports (outgoing) and everything was well. If you want to route the traffic to the express route, use the Microsoft peering.
0 Likes
Reply
HB2019-

‎Apr 03 2019 10:04 AM

‎Apr 03 2019 10:04 AM

Re: Microsoft Peering with ExpressRoute (Transitioning to from Public Peering)

@Hannes_LG appears to be working now over the public peer. My issue is can I still use the public peer or do I need to move to the Microsoft peer? Public peering has been deprecated for new circuits but how long will it last on my existing circuit? 

0 Likes
Reply
Hannes_LG

‎Apr 03 2019 12:32 PM

‎Apr 03 2019 12:32 PM

Re: Microsoft Peering with ExpressRoute (Transitioning to from Public Peering)

Hi,
if your internal IT policy requires, that the traffic for Azure AD Authentication routes over express route, you have to change the peering.
At the moment there isn’t any official statement from Microsoft when the public peering will be disabled for exist connections.
Here is a migration guide:
https://docs.microsoft.com/en-us/azure/expressroute/how-to-move-peering
But keep in mind, you maybe need the premium addon for the “Other Office 365 Services“ which include the Azure AD IPs.
For my point of view there is no need to route the Azure AD pass through authentication over the express route circuit, but when the security required that option it’s okay.

0 Likes
Reply