Forum Discussion

shocko's avatar
shocko
Steel Contributor
May 07, 2024

Windows Always On VPN - Split all M365 Traffic

Looking to use Windows Always On VPN but split tunnel all M365 traffic. Is there a cookbook/recipe for this already i.e. XML file with all the exclusions from the tunnel 

  • Tomasstes's avatar
    Tomasstes
    Brass Contributor
    1.Define M365 Traffic IP Ranges:

    Microsoft provides specific IP address ranges for their services. You can find the most up-to-date information on M365 services IP ranges from the Microsoft Docs.

    2.Create a VPN Profile:

    Use the VPN Client Configuration using a tool like Windows PowerShell or the Rasphone command. Create a VPN profile where you will set the parameters for split tunneling.
    If using Windows 10 or later, you can use the Windows Configuration Designer to create a provisioning package.

    3.Modify the Routing Policy:

    In your VPN client configuration, define routing policies that specify that only traffic destined for the Microsoft 365 IP ranges should be sent through the VPN.

Resources