Enterprise Threat Protector Now Includes One-Click Performance Optimization for Microsoft 365

Microsoft 365 is becoming the essential productivity suite for enterprises. Over 1 million companies have now signed up for the service, and every month there are more than 200 million active users. Microsoft Teams alone has 75 million active users every day.

If your company already uses or is about to start using Microsoft 365, then you need to be aware that the performance of the applications, and hence the end-user experience, is hugely dependent on the underlying network and how your security stack deals with Microsoft 365 traffic. Get it wrong, and you could end up with a lot of help desk tickets and unhappy users.

One challenge with deploying a secure web gateway (SWG) is that many popular SaaS applications do not perform well when users access these via a forward proxy. Microsoft 365 performance in particular can be severely impacted when a forward proxy is introduced — see this Microsoft technical note for more information. Proxying Microsoft 365 traffic through a secure web gateway, and especially performing TLS man-in-the-middle inspection, can have a significant impact on end-user experience. 

Akamai Enterprise Threat Protector, a cloud secure web gateway delivered via our global edge platform, now includes a one-click setting to optimize Microsoft 365 traffic, which reduces deployment complexity and improves end-user experience. Our initial internal performance testing has seen performance improvements of up to 48% in document opening speed. Of course, every company will likely have a different baseline performance based on where it’s located and its network architecture. So why does sending your Microsoft 365 traffic via Enterprise Threat Protector provide these dramatic performance improvements?

The first reason is that activating the one-click Optimize Microsoft 365 Traffic setting uses a list of Microsoft 365 domains and IP addresses that is published and updated by Microsoft. Requests to these domains and IPs are not sent through Enterprise Threat Protector but are sent directly to the Microsoft 365 servers (in line with Microsoft’s recommendations in this technical note). This saves time and effort as it eliminates the need to manually update firewalls and other security products when Microsoft adds new domains or IP addresses.

Secondly, Microsoft 365 data centers are normally very close to Akamai server locations, and in many geographies Akamai servers are interconnected to Microsoft cloud data centers.  

Thirdly, because EDNS0 is supported in Enterprise Threat Protector, the source IP of the request will be used to direct the request to the geographically closest Microsoft 365 data center — as opposed to backhauled DNS solutions, which would direct the request to the data center closest to the corporate DNS resolver. 

All of these combined will deliver end-user experience improvements over connecting to Microsoft 365 servers directly or using an existing backhauled DNS setup to resolve these requests to Microsoft 365.

To find out more about Akamai’s cloud secure web gateway, and how it can help simplify and accelerate your Microsoft 365 deployment and improve end-user experience, visit

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Jim Black. Read the original post at: