Exclude MS Teams traffic

Chess Norris · ‎11-28-2022

Hello,

Is anyone using split tunneling to exclude MS Teams traffic?

We are using a "tunnel all" policy for our RA VPN users, but some users have issues when using MS teams and we want to implement split tunneling to exclude the MS teams traffic from being tunneled.

My initial thought was to use dynamic split tunneling and exclude all traffic to *.teams.microsoft.com, but according to this guide -Securing Teams media traffic for VPN split tunneling it says "Some VPN client software allows routing manipulation based on URL. However, Teams media traffic has no URL associated with it, so control of routing for this traffic must be done using IP subnets"

So should we instead exclude the subnets described here under "Optimize IP address ranges"? https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide

Thanks

/Chess

Milos_Jovanovic · ‎11-28-2022

Hi @Chess Norris,

I'm using split-exclude quite often. I've tried playing around with excluding domains, but that wasn't working for me at that time. Instead, I'm excluding only "Optimize Required" traffic from this link - scopes 13.107.64.0/18, 52.112.0.0/14, 52.120.0.0/14. This is usually providing regullar RTP experience - video and audio are working smoothly, and screen sharing is not being delayed.

Kind regards,

Milos

Chess Norris · ‎11-29-2022

Thank you Milos,

Do you have any idea on how often those addresses change? We will probably subscribe to the RSS feed to get notification, but I'm curious if you noticed any changes of addresses since you started excluding those subnets?

Best regards

/Chess

Milos_Jovanovic · ‎11-29-2022

I configured those 3 like 2-3 years ago, and havent changed since.

Kind regards,

Milos