Azure ExpressRoute when it launched back in 2014 was for me, one of the most exciting propositions with Azure. The ability to rapidly provision, scale and consume PaaS and IaaS resources in the Microsoft Cloud however it lacked one thing and that was Office 365. Whilst many, many customers are adopting Office 365, having that traffic routed out over your internet connection for some people is seen as a security concern and for others it’s a bandwidth problem they just don’t want to deal with.
Earlier this week, the Office Team has posted a blog at http://blogs.office.com/2015/03/17/announcing-azure-expressroute-connectivity-to-office-365/ that Office 365 over Azure ExpressRoute is on the way although sadly not until Q3 2015.
The wait aside, this is great news both for customers seeking the maximum performance for their Office 365 deployments and their on-premise users and great news because it is another string in the public cloud productivity suites’ bow. I look forward to seeing that make it to the mainstream and seeing it in action.
In one of my recent sessions with a customer, the customer expressed an interest in protecting their communication between Office 365 and their on-premise environment for the purposes of making their directory synchronization server traffic invisible to the outside world. This got me thinking about Azure ExpressRoute which we know can provide very fast connectivity between your on-premise environments and Azure if you are using a supported MPLS network provider.
The customer in question is using Level 3 Networks as their carrier and Level 3 are on the supported carriers list for ExpressRoute on the ExpressRoute Technical Overview page at https://msdn.microsoft.com/en-us/library/azure/e224be0a-d7b2-4514-b868-86d61cee0ead#bkmk_Connection so I looked into it a little bit further as this was a really interesting proposition – to have Office 365 SaaS managed productivity with Exchange, SharePoint and Lync but to have all of the sync traffic traffic privately routed over ExpressRoute so that you weren’t passing any of that data over the public network (albeit encrypted with HTTPS SSL).
When I looked further, I found that on the ExpressRoute FAQ page at https://msdn.microsoft.com/library/azure/dn606292.aspx it explicitly defines which Azure services are accessible over an ExpressRoute connection and Azure Active Directory (AAD) is not listed nor is anything in relation to Office 365.
Unfortunately, it seems that this isn’t possible right now but it would be nice to see something added in the future to allow AAD to be access over ExpressRoute to allow us to hide and conceal our ADFS or AADSync traffic as this may well answer a security question that some more conscious customers have. The other reason this would be nice as it means we can have our internal users accessing their mail and SharePoint via the ExpressRoute connection so they will get a faster experience that over the companies internet link. Right now however, the best use case for ExpressRoute in my opnion is Azure RemoteApp, allowing you move some or all of the Remote Desktop Services terminal server farms that you may have to Azure and offload your RemoteApp applications to the cloud.