Let’s talk about something that can give your Microsoft 365 experience a serious upgrade and no, it won’t cost you anything extra if you already have an Entra ID P1 or P2 license (and chances are, you do!).
Meet the M365 Traffic Profile: your new best friend for faster, safer, and smarter Microsoft 365 traffic routing. Think of it as the express lane for your data, bypassing digital potholes and detours so your favorite apps like Teams, Exchange Online, and SharePoint Online can zoom along without a hitch.
Why You’ll Love the M365 Traffic Profile
(And yes, this might start sounding like a late-night infomercial… but stick with me!)
Speed!
By routing Microsoft 365 traffic through a dedicated pathway, you cut down on latency. That means faster load times, smoother video calls, and way fewer “Why is this taking forever?!” moments.
Security Like a Secret Agent
The real kicker? This feature adds a strong line of defense against Adversary-in-the-Middle (AITM) attacks. It ensures that your organization’s data gets from point A to B without any unwanted guests listening in.
One Less IT Headache
But wait, there’s more! Centralized control of network traffic makes it easier for your IT team to manage and troubleshoot. Less time fiddling with configs equals more time for coffee breaks and catching up on other priorities.
Setting Up the M365 Traffic Profile
Getting started with the M365 Traffic Profile is straightforward. Here’s a step-by-step guide to help you set it up:
Log into Entra and head to Global Secure Access > Connect > Traffic forwarding, then flip the switch to enable the Microsoft Traffic Profile.
Configure your Microsoft Traffic Policies. In our example, we’re forwarding traffic like outlook.cloud.microsoft on ports 80 and 443. But for SMTP (*.mail.protection.outlook.com on port 25), we’re skipping it.
We then will turn this on for all users. We will get granular when we set up the CA policies.
For my demo, I will select all users. You can just as easily assign this to a pilot group. Note that if you do assign all users, the group option will disappear.
I will not turn this into a CA policy blog, so I’ll keep this policy simple.
- Assign your pilot users.
- Select Office 365 application.
- Exclude Compliant Network Locations.
- Grant a “Block” Access.
Now, on a PC without the GSA client installed, a user gets blocked when trying to connect to Office 365 because our policy says, “Not today, buddy.”
Now to install the GSA Client. As soon as they install the GSA client? Smooth sailing!
Bonus: Troubleshooting Like a Pro
Just when you thought it couldn’t get any easier… enter the bonus round!
If something feels off during testing, don’t panic. Fire up GSA Advanced Diagnostics as an admin. It shows your current rules and includes a Policy Tester to check individual FQDNs or IPs. Boom. Instant clarity.
Wrap-Up: Hit the Fast Lane Today
But wait, there’s STILL more! All of this goodness is already covered by your existing Entra ID P1 or P2 license. No extra charge, no gimmicks, just pure Microsoft magic.
So why wait? You already have the license. Turn on the M365 Traffic Profile and give your Microsoft 365 traffic the red-carpet treatment. More speed, less risk, and fewer IT headaches. What’s not to love?
