VPN Split Tunneling for Microsoft Presence Integration
Contact Us
If you still have questions or prefer to get help directly, please reach out to your technical contact.
Table of Contents
This article assumes you already have Microsoft Presence configured in your Maptician environment.
Introduction: If your organization uses a corporate VPN, configuring split tunneling may be necessary to route Microsoft 365 (Office 365) traffic through a remote public IP while keeping all company-related traffic within the VPN. This setup allows Maptician users to be recognized as “Remote” when accessing Microsoft 365 services.
This guide provides a general overview of how to configure split tunneling in different VPN solutions to exclude Microsoft 365 traffic from the corporate VPN tunnel.
Step 1: Identify Microsoft 365 IP Ranges
Microsoft publishes an up-to-date list of IP addresses and domains used by Microsoft 365 services, which can be found here: 🔗 Microsoft 365 IPs and URLs
Step 2: Configure Split Tunneling According to Your VPN Solution
Step 3: Verify the Configuration
Step 4: Create an IP Range or Ranges in Maptician for the Remote Traffic
In order for users to be recorded a “remote” in Maptician Presence, a “remote” IP range or ranges need to be configured in your Maptician environment. Below are the steps to do this.
This article assumes you already have Microsoft Presence configured in your Maptician environment.
Introduction: If your organization uses a corporate VPN, configuring split tunneling may be necessary to route Microsoft 365 (Office 365) traffic through a remote public IP while keeping all company-related traffic within the VPN. This setup allows Maptician users to be recognized as “Remote” when accessing Microsoft 365 services.
This guide provides a general overview of how to configure split tunneling in different VPN solutions to exclude Microsoft 365 traffic from the corporate VPN tunnel.
Step 1: Identify Microsoft 365 IP Ranges
Microsoft publishes an up-to-date list of IP addresses and domains used by Microsoft 365 services, which can be found here: 🔗 Microsoft 365 IPs and URLs
Step 2: Configure Split Tunneling According to Your VPN Solution
- Configuration will vary by solution.
Step 3: Verify the Configuration
- Verify that Microsoft 365 traffic is being routed over the remote IP by checking the Microsoft sign-in logs.
- Test other non-Microsoft 365 traffic to ensure it goes through the VPN as expected.
Step 4: Create an IP Range or Ranges in Maptician for the Remote Traffic
In order for users to be recorded a “remote” in Maptician Presence, a “remote” IP range or ranges need to be configured in your Maptician environment. Below are the steps to do this.
- In your Maptician environment, go to IT & Cloud > IP Range Management.
- Click on “MANAGE RANGES” and select “CREATE RANGE”. The “Create new IP Range” window will open.
- Enter the required information for each IP Range and then click the green “CREATE” button. Repeat the process for each range you want to create.
-
In the example shown above, there are 3 existing office public IP ranges. In order for remote users to be properly logged as remote, you will need to define IP ranges that exclude those specified IPs. To do this, you need to break the full range (0.0.0.0 - 255.255.255.255) into smaller subranges that do not overlap with the existing public office IPs. In this example, those IPs would be:
- 0.0.0.0 - 24.50.81.189 (Ends just before 24.50.81.190)
- 24.50.81.201 - 54.33.21.29 (skips 24.50.81.190 - 24.50.81.200)
- 54.33.21.51 - 162.210.5.162 (skips 54.33.21.30 - 54.33.21.50)
- 162.210.5.164 - 255.255.255.255 (skips 162.210.5.163)
- The newly added “Remote” ranges will appear as shown below:
- If the VPN is correctly configured to split Microsoft 365 traffic, remote users connected to the corporate VPN should now have their Microsoft 365 service traffic (such as OWA, SharePoint, or Teams) logged under one of the "Remote" IP ranges.