Use Case

Provide End Users
the Best Experience
when Using Microsoft 365

The iboss Zero Trust SASE is the Centerpiece to Microsoft 365 Initiatives

The Microsoft 365 suite provides organizations a substantial suite of productivity tools, including Microsoft 365 email, Microsoft Teams online meetings, Identity and Authentication with ADFS, cloud computing with Azure and security via Microsoft Cloud App Security and Microsoft Sentinel. These applications are based in the cloud and accessible from anywhere making end users productive when working from the office or working from home. To get the most out of Microsoft 365, end users must have fast and secure connections to the Microsoft 365 suite. This includes fast connections when users work from home using their high-speed broadband connections.

The iboss Zero Trust SASE  enables users to get to the Microsoft front door faster and more efficiently while ensuring security and compliance, without compromising speed. That’s because users can connect to Microsoft directly through the iboss cloud platform without backhauling their network data through unnecessary hops, such as a VPN. Backhauling data from remote workers to the data center before routing the data to Microsoft 365 is not only inefficient and not recommended by Microsoft, it also guarantees end-users will have slower connections resulting in a poor experience and less productivity. The iboss cloud platform not only provides end users with fast connections to all of Microsoft 365, it is tied across the Microsoft 365 suite to enable organizations to get the most out of this valuable investment.  Our approach has resulted in iboss being  a certified Microsoft Networking Partner.

The Problem

In the pre-cloud era, network and security administrators were forced to send traffic for remote users through slow VPNs to access company applications and resources. In addition, in order to apply security and visibility to prevent malware and data loss, traffic is forced through the VPN to run that traffic through network security appliances, such as proxies, that live in the company data center. Microsoft 365 changes everything, making productivity applications available to users outside of the office by delivering those applications in the cloud. Network and security administrators still need to inspect connections to the cloud from end users to reduce risk, by preventing phishing, malware and data loss. Since users are working out of the office on untrusted connections, allowing direct access to the cloud is risky and almost certain to result in a breach or increased liability. The typical solution is to send that data through a VPN to be scanned by network security equipment sitting at the data center.

This poses a problem. The bandwidth available to end users through the VPN is limited. It is limited by the capacity of the VPN infrastructure. It is limited by the capacity of the network security equipment, including the proxies which inspect the data. It is limited by the amount of bandwidth available at the data center or corporate office. To make things worse, all of those items were scoped to protect a limited amount of traffic since users were restricted to the office. Users working from home have exponentially more bandwidth than any single office given consumer bandwidth is inexpensive and virtually everyone is now working from home.

Typical Complaints and Challenges

Remote workers complaining about slow connections to Microsoft 365 and email

Remote workers complaining about poor quality online meetings through Teams due to slow connections

Remote workers complaining about slow access to critical applications making it difficult to complete work

Network and security teams worried about the lack of visibility for the remote work force

Network and security teams worried about security and compliance risks as users work outside of the office on untrusted networks

How the Solution Works

Since the iboss cloud platform runs in the cloud, users are connected directly through the iboss cloud platform while they access the complete Microsoft 365, including email, Microsoft Teams and virtually everything else Azure has to offer. Since the connections are going through the iboss cloud platform at all times, network and security administrators have exactly the same visibility and security coverage as they would if those users were working from the office. In addition, users can leverage their bandwidth directly, without sending that bandwidth through the VPN, to get the most out of the Microsoft 365 suite and any other cloud application on the Internet.

If users are using VPNs, traffic from the VPN is offloaded using split tunneling. Only traffic that will end up in the office should be sent through the VPN while all other traffic, the vast majority of it, is sent through the iboss cloud. The split tunneling works by setting iboss as the default VPN route. The specific office destinations are configured as explicit routes. The iboss agents are completely compatible with all VPN clients, run silently, can be pushed out via bulk deployment methods instantly and have the ability to send ALL cloud traffic through the iboss cloud service for inspection and protection.

1

Bad

Sending all traffic through a VPN to a datacenter hosting proxy appliances is the worst case scenario and will lead to slow and unusable connections for users, especially remote workers.

2

Better

Leverage iboss as your Secure Access Service Edge (SASE) platform for internet bound traffic. Offloading Internet bound traffic to iboss while only sending traffic that terminates at the office through the VPN will greatly improve the end user experience by increasing connection speeds dramatically. The iboss cloud connector takes the default route on the end user device and automatically redirects all non-private traffic through iboss cloud for security. This improves user productivity and streamlines connections to Microsoft 365, Zoom, Teams, and other cloud applications. It also reduces the proxy and network security appliance footprint and the data center as all heavy traffic processing is performed within iboss cloud which has infinite scale.

3

Best

Leverage iboss as your Secure Access Service Edge (SASE) platform for ALL network traffic, both public and private, so that users are connected directly to any cloud resource quickly and securely. Sending all traffic through iboss cloud, both private and public, connects users to all cloud resources quickly and securely based on user identity and role. It eliminates costs by eliminating proxy and network security appliances hosted at the data center or office by performing security functions in the cloud and eliminating VPN infrastructure. Users connect to iboss cloud and all traffic to Microsoft 365, cloud applications and video conference apps such as Zoom and Microsoft Teams is sent directly from the user to the cloud application with no extra hops to on-prem infrastructure. Since iboss is connected to all resources, public and private, it can connect users directly to those resources based on user role with speed and security while greatly reducing infrastructure costs, management costs and improving user productivity as they work with the network speed necessary to use cloud applications efficiently. The iboss platform is the premier SASE and Zero Trust platform that is the center piece of your cloud transformation.

The iboss platform includes agents for virtually every operating system and can also be pushed by MDM. User connections to all cloud applications will immediately improve as there are no restrictions in the amount of bandwidth the iboss cloud platform can handle. The agent also takes care of all technical details automatically, such as installing the root MITM decryption certificate to inspect all HTTPS traffic.

As a Microsoft Intelligent Security Association (MISA) Member, iboss is Integrated Across the Microsoft Portfolio

The iboss platform is natively integrated with Microsoft 365. As a Zero Trust platform, the iboss Zero Trust SASE can grant or deny access to cloud resources based on user context by connecting user security groups from Azure ADFS automatically. The built-in iboss cloud CASB visibility can be tied to Microsoft Defender for Cloud Apps (MDCA), so that policies configured in MDCA automatically sync to the inline data path protected by iboss. Logs generated from a remote work force can be connected with Sentinel to provide more visibility and context to security admins. Any infrastructure running the Azure cloud can have their connections automatically secured by the iboss platform with a few clicks without ever deploying a virtual firewall providing true, complete SaaS network security. The following shows how iboss provides the “centerpiece” for any Microsoft 365 strategy, by providing the fastest and most secure connection to the cloud and to the Microsoft 365 suite.

Instant Benefits and Savings

With users connected to the Microsoft 365 without slowdown, productivity and end user experience improves instantly. This results in more valuable output from critical employee resources. In addition, the elimination of proxy and other network security appliances results in the reduction of the data center footprint and large reductions in infrastructure costs. The savings continue as the iboss cloud platform eliminates the need to purchase more network proxies or VPN infrastructure as remote worker cloud application use and bandwidth increases over time. Worrying about remote work and increasing encrypted bandwidth no longer becomes the top priority on the IT’s list.

Take the next step in shifting to the world’s largest security platform built for the future.

Sign up for a demo to see how the iboss Zero Trust SASE prevents breaches by making applications, data and services inaccessible to attackers while allowing trusted users to securely and directly connect to protected resources from anywhere.