SD-WAN and Microsoft 365: Optimising Performance for Australian Businesses

Why M365 Performs Poorly Over Traditional Networks

Traditional enterprise network architectures route all internet traffic through a central data centre or head office:

• Brisbane branch user opens Teams → traffic goes to Sydney data centre → then to Microsoft
• Double the latency, double the potential points of failure
• VPN concentrators create bottlenecks during peak usage
• MPLS adds cost and latency for cloud-bound traffic

Microsoft's own connectivity guidelines explicitly state that M365 traffic should bypass these centralised bottlenecks entirely.

Microsoft's Three-Category M365 Traffic Model

Microsoft categorises M365 traffic into three types to guide network policy:

• Optimize: Real-time traffic (Teams audio/video, Exchange sync) — must go direct, never through proxy
• Allow: Core M365 services — should go direct where possible
• Default: Generic Microsoft traffic — can route via proxy/firewall

SD-WAN implements this three-category model natively through application identification and policy routing.

SD-WAN Solution: Direct Internet Breakout

How It Works

• SD-WAN identifies M365 traffic using deep packet inspection
• "Optimize" category traffic routes directly from the branch to Microsoft's nearest edge
• General internet traffic can still route to head office if required
• Security scanning applied at cloud-delivered layer, not on-premises

Australian M365 Front Door Locations

Microsoft has front-door infrastructure in Sydney and Melbourne. Direct breakout connects to:

• Microsoft Azure Peering Service in Sydney (ap-southeast-2)
• Typically 5-15ms from branch to Microsoft edge
• Compare: 40-80ms when routed through Sydney head office from interstate branches

Microsoft Teams Optimisation

QoS DSCP Marking

SD-WAN applies QoS markings that Teams recognises:

• Audio (DSCP EF/46): Highest priority — prevents call drops
• Video (DSCP AF41/34): High priority — smooth video
• Sharing (DSCP AF21/18): Standard priority

Bandwidth Planning for Teams

• 1:1 HD video call: 1.5Mbps per direction
• Group meeting (5 people): 5-8Mbps download
• Teams Phone (VoIP): 0.1Mbps per call
• SD-WAN reserves bandwidth per these requirements during calls

WAN Smoothing for Call Quality

• Forward error correction prevents packet loss from affecting call quality
• Jitter buffer management — smooth audio even over variable links
• Packet duplication across multiple WAN paths for critical calls

SharePoint and OneDrive

• Large file transfers benefit dramatically from direct breakout
• SD-WAN WAN optimisation reduces repeat downloads of unchanged content
• Throttling can be applied to background sync to protect other applications

Exchange Online

• Direct routing ensures Outlook responsiveness
• Autodiscover and calendar sync classified as "Optimize" traffic
• Prioritised over web browsing and general internet traffic

Measuring the Improvement

Microsoft's M365 Network Assessment tool provides a score. Typical results after SD-WAN direct breakout:

• Before: Assessment score 40-60/100, Teams MOS score 3.2
• After: Assessment score 85-95/100, Teams MOS score 4.3+
• Exchange latency: Reduced from 85ms to 18ms (Sydney branch example)

Configuration Steps

1. Enable direct internet breakout on SD-WAN appliances at each branch
2. Import Microsoft's published M365 IP ranges and FQDNs
3. Create application steering rule — M365 "Optimize" IPs route directly
4. Enable QoS DSCP marking for Teams traffic categories
5. Configure WAN Smoothing for real-time traffic classification
6. Monitor via M365 Network Assessment and SD-WAN dashboard

Conclusion

Microsoft 365 is not optional for most Australian businesses — and neither is SD-WAN if you want M365 to perform as designed. Direct internet breakout, application-aware QoS, and WAN smoothing transform M365 from a frustrating experience into a responsive, reliable platform that genuinely improves productivity.