Windows Always On VPN - Split all M365 Traffic

Steel Contributor

Looking to use Windows Always On VPN but split tunnel all M365 traffic. Is there a cookbook/recipe for this already i.e. XML file with all the exclusions from the tunnel 

1 Reply
1.Define M365 Traffic IP Ranges:

Microsoft provides specific IP address ranges for their services. You can find the most up-to-date information on M365 services IP ranges from the Microsoft Docs.

2.Create a VPN Profile:

Use the VPN Client Configuration using a tool like Windows PowerShell or the Rasphone command. Create a VPN profile where you will set the parameters for split tunneling.
If using Windows 10 or later, you can use the Windows Configuration Designer to create a provisioning package.

3.Modify the Routing Policy:

In your VPN client configuration, define routing policies that specify that only traffic destined for the Microsoft 365 IP ranges should be sent through the VPN.