Can we route Microsoft 365 traffic such as SharePoint, Teams and OneDrive over Azure VPN Gateway to Microsoft servers?

Dhanush N 11 Reputation points
2022-11-07T13:31:10.18+00:00

In our office environment we are thinking of configuring a site-to-site Azure VPN gateway to connect to some of the VMs hosted on the Azure platform. I wanted to know whether there is a way to route all Office 365 app internet traffic such as Teams, SharePoint, OneDrive and Outlook over the Azure VPN Gateway and directly to the Microsoft Office servers, so this will be an added layer of security (along with conditional access) as the traffic needs to flow inside the Azure VPN Gateway. Can someone please tell me how this can be done?


2 answers

  1. msrini-MSFT 9,256 Reputation points Microsoft Employee
    2022-11-08T04:36:02.53+00:00

    Hi,

    With Azure VPN gateway you will not be able to forward SharePoint and Office 365 traffic. Azure VPN gateway is used for private connectivity between your on-premises network and Azure VNet.

    You will need to use ExpressRoute with Public peering to route Office 365 traffic over an L2 link to Azure.

    Regards,
    Karthik Srinivas


  2. Bas Pruijn 946 Reputation points
    2022-11-15T13:39:21.273+00:00

    If you really, really, really want this, you would need to set up a proxy server on a VM in Azure and use this proxy server for connections to SharePoint, OneDrive and Teams. I really doubt that Teams will follow your proxy setup though.

    Furthermore, from your proxy server, the traffic will be routed via the internet anyhow.

    Of course, as @msrini-MSFT stated, you can use ExpressRoute with Microsoft peering (not public peering; public peering is not available anymore for new ExpressRoutes). See also https://learn.microsoft.com/en-us/azure/expressroute/expressroute-circuit-peerings#microsoftpeering

    Keep in mind that Microsoft advises AGAINST this setup (https://learn.microsoft.com/en-us/microsoft-365/enterprise/azure-expressroute?view=o365-worldwide).

    > We do not recommend ExpressRoute for Microsoft 365 because it does not provide the best connectivity model for the service in most circumstances. As such, Microsoft authorization is required to use this connectivity model for Microsoft 365. We review every customer request and authorize ExpressRoute for Microsoft 365 only in the rare scenarios where it is necessary. Please read the ExpressRoute for Microsoft 365 guide for more information and following a comprehensive review of the document with your productivity, network, and security teams, work with your Microsoft account team to submit an exception if needed. Unauthorized subscriptions trying to create route filters for Office 365 will receive an error message.

    Can you elaborate on your use case for wanting to use VPN to access M365?
