Microsoft Network Connectivity Guidance
Microsoft recommends high-quality, low-latency connectivity to achieve optimal performance when connecting to Microsoft applications and services. Microsoft advises keeping the network path between the end-user device and Microsoft services as short and direct as possible by using local internet egress close to the user. This enables traffic to reach the nearest Microsoft service front-door location with minimal latency.
Microsoft also notes that forward proxies can negatively impact performance. Routing traffic through a proxy may introduce additional latency, packet loss, or suboptimal routing if the proxy is geographically distant from the user or performs processing such as TLS inspection or content scanning.
Note: These considerations apply to any proxy architecture and are not specific to a particular vendor.
Proxy Considerations
Microsoft Delivery Optimization including Internet Peering is generally not compatible with forward proxy architectures when the proxy and it is recommended to:
- Disable Internet Peering Download Mode option
- Bypass trusted Microsoft update endpoints
- Avoid unnecessary TLS interception
- Optimize Microsoft 365 traffic
- Use Microsoft's supported Delivery Optimization modes
Microsoft Delivery Optimization
Microsoft Delivery Optimization (DO) enables Windows devices to share Windows Updates and Microsoft Store application content with other devices using peer-to-peer (P2P) downloads. Peer discovery can occur across the local network (LAN) or, when configured, across the Internet to reduce bandwidth consumption and improve download efficiency.
- Delivery Optimization Reference https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization-reference
- Windows Deployment Guidance https://learn.microsoft.com/en-us/windows/deployment/update/prepare-deploy-window
These behaviors are common across many secure web gateway (SWG) and forward proxy solutions, regardless of vendor. Because Internet Peering relies on devices discovering and communicating directly with one another, proxy interception can prevent peer discovery and significantly reduce or eliminate the benefits of Delivery Optimization.
Recommendations and further information:
- Windows Deployment https://learn.microsoft.com/en-us/windows/deployment/update/prepare-deploy-window
- Disable Delivery Optimization by following the guidance in https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization-reference
- Or bypass the proxy by following the guidance in https://learn.microsoft.com/en-us/windows/deployment/do/delivery-optimization-proxy
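To check whether a device still has the Internet Peering download mode enabled, the following added example (not part of Microsoft's guidance or the original page) reads the Delivery Optimization download mode configured by Group Policy and flags mode 3. It assumes the setting is delivered through Group Policy as the DODownloadMode value; the function name Get-DoDownloadModeAudit is hypothetical, and MDM-delivered settings are not inspected.

```powershell
# Added example: audit the Delivery Optimization download mode set by Group Policy.
# Assumption: the policy is stored as the DODownloadMode DWORD under this key.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'

# Download mode values as listed in Microsoft's Delivery Optimization reference.
$ModeNames = @{
    0   = 'HTTP only (no peering)'
    1   = 'LAN (peers behind the same NAT)'
    2   = 'Group (peers in the same group)'
    3   = 'Internet (LAN and Internet peers)'
    99  = 'Simple (no peering, no DO cloud service)'
    100 = 'Bypass (BITS instead of Delivery Optimization)'
}

function Get-DoDownloadModeAudit {
    [CmdletBinding()]
    param([string]$Path = $PolicyKey)

    # Read the policy value; a missing key or value leaves $value as $null.
    $value = $null
    if (Test-Path -LiteralPath $Path) {
        $item  = Get-ItemProperty -LiteralPath $Path -Name DODownloadMode -ErrorAction SilentlyContinue
        $value = $item.DODownloadMode
    }

    if ($null -eq $value) {
        $mode    = 'Not configured by policy (OS default applies)'
        $finding = 'Review: set an explicit mode so behavior behind the proxy is predictable'
    } else {
        $key     = [int]$value
        $mode    = if ($ModeNames.ContainsKey($key)) { $ModeNames[$key] } else { "Unknown ($value)" }
        $finding = if ($key -eq 3) { 'Internet Peering is enabled by policy' }
                   else { 'Internet Peering is not enabled by policy' }
    }

    # One object per device so results can be collected and exported.
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        PolicyValue  = $value
        DownloadMode = $mode
        Finding      = $finding
    }
}

Get-DoDownloadModeAudit | Format-List
```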
