Use the Microsoft Office 365 Network Onboarding Tool to validate your VPN Split tunneling configuration.

Today Microsoft announced an update to the Office 365 network onboarding tool. It now detects use of a VPN and evaluates if the VPN is configured for recommended Office 365 split tunneling. With many companies sending employees to work from home scalable and performant VPN implementation supporting Office 365 is one of the top responsibilities that IT faces. Office 365 split tunneling guidance is documented at http://aka.ms/o365vpn.

The Microsoft Office 365 network onboarding tool is located at https://connectivity.office.com. It is an adjunct tool to the network insights and network score information available in the Microsoft 365 Admin Center under the Health | Network Performance menu.

The network insights in the Microsoft 365 Admin Center are based on in-product measurements for your Microsoft 365 tenant. In comparison, the network insights from the Microsoft 365 network onboarding tool are run locally in the tool. Testing that can be done in-product is limited and by running tests local to the user more data can be gathered resulting in deeper insights. Consider then that the network insights in the Microsoft 365 Admin Center will show that there is a networking problem for use of Microsoft 365 at a specific office location. The Microsoft 365 network onboarding tool can help to identify the root cause of that problem leading to a recommended network performance improvement action.

We recommend that these be used together where networking quality status can be assessed for each office location in the Microsoft 365 Admin Center and more specifics can be found after deployment of testing based on the Microsoft 365 network onboarding tool.

Lets have a look how we can download the tool and run it.

Browse to https://connectivity.office.com and prepare the connectivity client. This is done by performing the step below:

  • First we need to add our city and country or click on the Locate me icon.
  • Automatically the tool will start the testing sequence.

As we want to see the VPN results, we are required to run the advanced test. To start the advance test, we need to download the Connectivity Tool. This tool will be downloaded the after entering our tenant name (optional) and pressing the Run Tests button.


The advanced test client has the filename format Connectivity.[guid].exe and it is digitally signed by Microsoft Corporation. It is 2.3 Mb and the prerequisite .NET Core runtime for x64 is 51.9 Mb. Click on Open File and notice that the progress bar start to run again and the Advanced Testing Client will be running.



VPN results show in two lines in the Details and solutions tab. These do not appear if you have not run the advanced test client. The first line identifies if a VPN is in use on the local machine and attempts to identify the name. It shows a red cross if forced tunneling is detected on the VPN. The second line evaluates Office 365 optimize category IP Address ranges and how they are routed.

  • Forced tunnel routing means that all of the optimize category IP Addresses for a workload are sent to the VPN tunnel
  • Split tunnel routing means that none of the optimize category IP Addresses for a workload are sent to the VPN tunnel. This is the recommended configuration
  • Selective tunnel routing means that some but not all of the optimize category IP Addresses for a workload are split out as recommended.

Now click on Details and solutions to see the results of the test. As you can see below, my work laptop is correctly configured for Split Tunneling.


Thanks for reading and try it out for yourself.

Cheers!
Ken

You must be logged in to post a comment.