Network connectivity in the Microsoft 365 Admin Center preview available
Published Sep 23 2020 07:00 PM 18.8K Views
Microsoft

In a cloud services world the quality of your network connectivity can make or break user experiences. Microsoft publishes best practices and principles of network connectivity to support customers with this work. We are making a broadly available preview available today for test tooling that identifies how well these principles are followed in the Microsoft 365 Admin Center and in the standalone Microsoft 365 network connectivity test tool.

 

Microsoft 365 Admin Center network connectivity functionality is available as public preview from today. Any customer in the worldwide commercial service can go to the Health -> Network Connectivity menu blade and request access to the preview. Preview acceptance is typically immediate, and participation has no impact to your organization outside access to these new pages.

 

Network connectivity page in the Microsoft 365 Admin CenterNetwork connectivity page in the Microsoft 365 Admin Center

 

In the network connectivity pages you can see a network assessment that evaluates the impact of your network design on user experience in a 0 – 100 scale. This is calculated based on network attributes which have been proven through support cases to affect user experience the most. The network assessment is best evaluated at a specific office location, but an organization wide network assessment is also provided. The organization wide network assessment is also included in your productivity score. In addition, specific network insights are provided which identify network design improvements that could be made to align with the published network connectivity principles and improve network performance.

 

Office location identification options

It’s important to have network design configured well at each office location. We have three alternatives for you to associate the network tests with your office locations.

 

         Location detection iconLocation detection icon

  1. You can enable Windows Location Services and consent to it on each client machine. The network telemetry in Microsoft 365 clients will detect this and will round it to a maximum accuracy of 300m x 300m before use. Reports are provided for your organization aggregated to the city resolution. This method of office location detection is relatively automatic but does require your corporate policy to allow for Windows Location Services to be enabled on client machines.

    Location LAN subnet entry iconLocation LAN subnet entry icon
  2. Alternatively, you can enter each office location and specify the LAN Subnet used at that location. Because LAN Subnets need to be unique within your WAN for routing purposes, we can correlate network test measurements with the office locations you have entered. This has the added advantage that you are not limited to a single office location in each City, but you can monitor multiple so long as you enter the LAN Subnets separately. 

    Location user-submitted report iconLocation user-submitted report icon
  3. A third method for office location identification is more manual where you can have a user at each office location run a set of tests which are submitted back to your organization. This single test result collected by the Microsoft 365 network connectivity test tool is then used to be representative of the office location. One advantage of the stand-alone test tool is that the test will show up immediately in the admin center because there is no overnight aggregation required.

 

Whichever method you choose for office location identification, you will get the same rich reporting, network assessments, and network insights provided to help improve your network design.

 

Microsoft 365 network connectivity test tool

Microsoft 365 network connectivity test (http://connectivity.office.com) is also now in preview and enables sign-in to the users tenant and several ways to share test reports.

 

Home page of connectivity.office.comHome page of connectivity.office.com

 

The Microsoft 365 network connectivity test tool is a standalone web site that allows users to test network connectivity between a user and Microsoft 365 service front doors. It runs at the user location and is run by someone at that location from their computer. It identifies common enterprise customer network design issues that violate published Microsoft 365 network connectivity principles and that impact user experience. It includes JavaScript based testing and a downloadable advanced test tool. These tests can be run anonymously, and the report is shown to the user only. The tool can be run while signed into the Microsoft 365 tenant and test reports run while signed in are shared to the Microsoft 365 Admin Center, they are shared with Microsoft employees, and may be shared with other users through an anonymous report link.

 

Release timeline

We are planning for a supported general availability release of these tools in the North American winter. Please share your feedback with us as we continue to improve on them.

 

SD-WAN configuration

As announced at last year's Ignite conference, we've partnered with Cisco to bring a new feature to Microsoft 365 which we are calling "informed network routing." This feature will allow for SD-WAN branch routers to select the best possible path for Microsoft 365 traffic, going beyond the traditional simplistic ping or HTTP probe, and now allowing direct integration of a feedback channel directly from the major applications that make up the Microsoft 365 service including Exchange, Teams, and SharePoint. This means that branch routers can now understand the end-user experience across these applications within the scope of the branch, allowing for quick response to any network quality issues that may occur on an individual path. An initial private preview of this technology is now in progress, and we look forward to announcing a broader preview in the coming weeks, as well as further industry partnerships to extend the availability of this technology.

 

References

Watch our network connectivity Ignite 2020 videos

http://aka.ms/netvideos

Discuss these features on our forums

http://aka.ms/netforums

Link back to this blog post

http://aka.ms/netignite 

31 Comments
Brass Contributor

This is a really useful addition and its great to see more happening around Network Connectivity, as the previous setup was not great for the 365 stack.   I am very pleased to see this coming through.

Iron Contributor

This is a really useful feature. Is the collective data report store in the agreed location for that tenant?
Our clients are based out of EU, the analytics data store location is important for them to w.r.t security and GDPR. 

Microsoft

@Vadivelu_B There is no personal data stored as part of this feature and it follows all Microsoft data storage commitments. You can read about those here: https://docs.microsoft.com/microsoft-365/enterprise/o365-data-locations

Brass Contributor

What URL(s) does the OneDriveforBusiness client use to determine performance? I think I need to unblock these on our proxy server

Microsoft

@Calum_L1 Please check if you are blocking any of the required URLs published at http://aka.ms/o365ip. My team also manages publishing of those.

 

Regards,

Paul

Silver Contributor
Microsoft

@wroot Yes

Microsoft

I am currently doing a Network assessment for one of my government client in Australia. I was really happy to see this feature coming through. Is there any way I can implement this on my client tenant?

Copper Contributor

Hi, gave the connectivity tool a try on our network and tenant, most tests complete successfully, however the TCP connection test fails, 2 of the urls seem to be accountable for, 'account.office.net' seems to be inaccessible (But has been allowed/excepted on our proxy, proven too) and 'smtp.office365.com' is blocked on port 587 it seems (Likely our ISP), but 25 is open for it. The URLs for SharePoint that it's calculated are incorrect too, despite putting in our tenant domain name at the start of the test as below. As well we seem to have 100% packet loss showing on the Test for Microsoft Teams, but this might be erroneous as Teams itself is working fine. Looking forward to using this to help ensure connectivity is working as intended :)

 

EDIT : If I put our onmicrosoft.com domain in instead, then we only get 2 fails under TCP Connection instead for 'smtp.office365.com' and 'quicktips.skypeforbusiness.com'

 

techyluke195_0-1601294904190.png

techyluke195_2-1601295107443.png

 

techyluke195_1-1601294915099.png

 

 

Copper Contributor

This is brilliant.

For option #1 (Windows Location Services), how do we enable the location collection just for this purpose without enabling it for *every* app on the device?

Copper Contributor

@techyluke195, I received a TCP connection error with account.office.net also but that was the only URI.

Microsoft

@PoonamK007 All worldwide commercial customers can access the feature as described in the article above.

@techyluke195 and @t-rev  Thank you for the feedback. We are working on this connectivity test.

@Brett James Enabling Windows Location Services for the machine allows it for any Win32 application that is not from the Windows Store. Windows Store applications can be separately enabled or disabled for location. You can avoid Windows Location Services by adding locations in the Admin Center network connectivity and adding LAN Subnet ID information as described in the above article.

 

Regards,

Paul

Copper Contributor

Thanks Paul... Feedback then - get an option to enable location services for this service only and not all non-store apps :).

I can foresee the legal groups for many enterprises putting getting in the road of this great initiative when you have to allow everything.

 

Using the Locations/subnet information isn't going to do much for us as 70%+ people are remote right now and probably for the next 2-3 years at least.

If we did, those people coming in via legacy VPN to central locations will make the results not useful. Those coming in via something like Zscaler where there are more local pops will give a bit more useful info but everyone's local subnets will be 10.x & 192.168.x, only differentiated by the egress IP (Does that matter?).

Anyone that is not connecting to the corporate network won't have any results.

 

Microsoft

@Brett James Good feedback, thank you. For the LAN Subnet ID location identification you can also enter egress IP to help identify office locations

Copper Contributor

@Paul Andrew  Apologies for my ignorance, I am still trying to get a business case for this tool. As M365 Admin, do you recommend running advanced tests client application on my machine, selecting different location or run this tool at every point where Internet egress happens? 

 

Microsoft

@bnaraysh It's not valid to run the advanced tests client on one machine and enter a different location. The tests will run, but the results will not be valid. You either need to ask someone at the remote location to run the tests or use one of the other two methods for getting test data which use built in tests in the OneDrive for Business sync client.

Regards, Paul

Copper Contributor

Thanks @Paul Andrew  It makes sense. If I understood correctly, this tool test the network connectivity between a desktop/laptop to Microsoft 365 Services & have nothing to do with the M365 account associated with it?

 

Or

 

Does it capture the tenant information from which we have logged in and running the tool?

 

We are looking to run it first at our test tenant then move it forward our actual Production tenant. Does it make any different if I log in both the tenants from the same machine and run the test individually? 

Microsoft

@bnaraysh The http://connectivity.office.com tool runs tests interactively from the PC that you launch it from. You can also separately review network test data that are from your production tenant in the Microsoft 365 Admin Center under Health -> Network Connectivity.

Regards, Paul

Copper Contributor

thanks again @Paul Andrew  One final question that may have already been asked by many but to get more clarity, is there any article that shows list of information captured from the machine that runs the too?

 

Will these information be stored somewhere from the Microsoft end? Any information around the Privacy statement of the tool would help. 

Microsoft

@bnaraysh The privacy statement for http://connectivity.office.com is linked at the bottom of the web page. All data storage is in compliance with that and other published Office 365 data protection commitments. Specific data captured during tests is shown in the details tab after the test is completed.

Copper Contributor

@Paul Andrew  In Network connectivity present in the Microsoft 365 Admin Center (preview), Do I need to add Location Information to get results for that particular location? In that case, what is the use of 'Location Opt -in' available under settings? 

Microsoft
Microsoft

Hi all, do we know what the minimum role requirement is to be able to see the Network Connectivity tool in the admin center is? My customer might not have the correct permissions as they are not seeing the tool. Thanks!

Microsoft
Copper Contributor

Hi @Paul Andrew!

We tried to run Connectivity tool at one government customer environment which is quit strictly secured and all traffic goes though proxy.  Web part went smoothly but advanced test stopped during 656 (of 659) step. 

Which URL/IPs have to be enabled for correct run of the tool? Is it enough to enable only "optimize" URL/IPs?

Or are there any parameters of this tool to run it with minimal number of proxy exceptions?

 

Thx a lot

 

Josef

Copper Contributor

Pls, it is quite urgent...

Microsoft

@JosefVagner it requires connectivity to Office 365 URLs. Can you share a screenshot of the details page when it gets stuck? How long did you wait for the last three test results? What happens when you run tracert outlook.office365.com on one of those machines?


Regards,

Paul

Copper Contributor

It stucks forever in step 656 (waiting few hours, then finished from our site):

 

656.PNG

 

So it is neccesary add to proxy exceptions all listed URLs from TCP test?

As at customers site there is no DNS translation between internal and external DNS it ends with this error: Unable to resolve target system name outlook.office365.com. They can send log from proxy server if necessary...

Thx

Copper Contributor

TCPconnections.png

Copper Contributor

Pls can you specify your answer "it requires connectivity to Office 365 URLs". Can you be more specific (all URLs/IPs, only Optimize URLs etc...)?

Copper Contributor

@Paul Andrew - regarding which URL/IPs - is it enough to add only Required items (for all Categories) from table at page from Office 365 URLs and IP address ranges - Microsoft 365 Enterprise | Microsoft Docs?

 

Version history
Last update:
‎May 06 2021 11:45 AM
Updated by: