Have you moved to Office365? While this has undoubtedly reduced the overhead and administrative burden on your operations team, the trade off is a loss of visibility into some of the most critical services your business relies on.
This bundle shines a spotlight on the Office 365 traffic traversing your network by utilizing the Office 365 URLs and IP Address Ranges dataset published by Microsoft for each of the O365 service endpoints and supporting services.
Some of the questions answered by this bundle include:
- What is the impact and performance of this new traffic on my network? How is this growing over time?
- Which services are being used by which clients, as well as how much, when, and what is the performance of those connections?
- What is the network performance of each individual Office365 service?
- When issues arise, is it my environment or something within the Office365 cloud?
How is the traffic matched, isn't it encrypted?
Traffic is matched in three different ways, starting with IP Address. When there is no IP match, then an exact hostname match is attempted. ExtraHop derives hostnames a number of different ways. In this case because the majority of the traffic is encrypted, ExtraHop associates IP addresses to hostnames based on watching DNS traffic, and matching certificate hosts and subjects by performing SSL/TLS envelope analysis. When an exact hostname match fails, a final attempt is made against the hostname and certificate subjects using a fuzzy match approach.
The most common method is an exact hostname match, with IP address matches a close second. The fuzzy match method accounts for a rather small percentage. However, full transparency is provided at the bottom of the dashboard, with even further detail available when
Debug mode is enabled for the included trigger.
- (1) Application
- (1) Dashboard
- Office 365
- (2) Dynamic Groups
- HTTP Clients
- SSL Clients
- (1) Trigger
- Office 365 Monitor
ExtraHop version 6.0 or later
This bundle includes two dynamic groups which will auto-populate with all
SSL Clients and
HTTP Clients, providing a plug-n-play deployment. Just be sure to select the
Apply included assignments checkbox when applying the bundle.
NOTE: the included trigger also supports data collected by ExtraHop through NetFlow. Simply assign the
Office365 Monitoring trigger to your desired NetFlow Networks and it will "just work" right out of the box. The most common use for this is remote sites that may have their own Internet connection. The trigger can handle both NetFlow and Wire Data simultaneously, so it's not necessary to pick one or the other!