For UK businesses running Microsoft 365 as their core productivity platform, network performance is everything. Slow Teams calls, lagging SharePoint uploads, and unreliable OneDrive sync can cripple productivity across an entire organisation. Yet many businesses invest heavily in M365 licensing without giving a second thought to the network infrastructure that carries all that traffic. Cisco Meraki’s cloud-managed networking platform offers one of the most effective ways to optimise your network specifically for Microsoft 365 — delivering measurable improvements in call quality, application responsiveness, and overall user experience.
At Cloudswitched, we’ve deployed Meraki alongside Microsoft 365 for hundreds of UK organisations, from 20-person offices in Manchester to multi-site enterprises across London, Birmingham, and Edinburgh. This guide walks you through the complete integration — covering SD-WAN configuration, traffic shaping, QoS policies, Meraki Insight monitoring, Azure AD integration, and the direct internet breakout strategies that make the biggest difference to real-world M365 performance.
Why Microsoft 365 Demands a Smarter Network
Microsoft 365 is not a simple web application. It is a collection of over 30 interconnected cloud services — Exchange Online, SharePoint, OneDrive, Teams, Planner, Power BI, Intune, and many more — each with different traffic profiles, latency sensitivities, and bandwidth requirements. Teams alone generates real-time audio and video streams that require consistently low latency (under 50ms), minimal jitter (under 30ms), and near-zero packet loss. SharePoint and OneDrive, by contrast, are throughput-heavy services that benefit from large available bandwidth but are more tolerant of latency variations.
Traditional network architectures — where all branch office traffic is backhauled through a central data centre before reaching the internet — are fundamentally incompatible with M365’s cloud-first design. Microsoft itself publishes detailed guidance urging organisations to implement local internet breakouts at each branch, avoid proxy servers for M365 traffic, and prioritise Teams media streams above all other traffic. Meraki’s SD-WAN and traffic management capabilities make this straightforward to implement at scale.
Meraki SD-WAN and Microsoft 365 Optimisation
Cisco Meraki MX appliances include built-in SD-WAN capabilities that are ideally suited to M365 optimisation. The Meraki dashboard allows you to configure intelligent path selection, application-aware routing, and automatic failover — all critical for maintaining consistent M365 performance across multiple WAN links.
Configuring Direct Internet Breakout for M365
The single most impactful change you can make is implementing direct internet breakout for Microsoft 365 traffic at each branch location. Rather than routing M365 traffic back through a central hub — adding latency, consuming expensive MPLS bandwidth, and creating a single point of failure — direct breakout sends M365 traffic straight to Microsoft’s nearest front-door servers.
In the Meraki dashboard, this is achieved through a combination of traffic shaping rules and SD-WAN policies. Navigate to Security & SD-WAN > SD-WAN & Traffic Shaping and create a new rule targeting Microsoft 365 traffic. Meraki automatically recognises M365 services through its deep packet inspection engine and maintains an up-to-date list of Microsoft’s published IP ranges and URLs. You can set the preferred uplink to your direct internet connection (typically a broadband or DIA circuit) rather than your MPLS or VPN tunnel.
For organisations with dual internet links, Meraki’s SD-WAN will automatically route M365 traffic over the best-performing link based on real-time latency, jitter, and packet loss measurements. If the primary link degrades, traffic seamlessly fails over to the secondary connection — often before users even notice an issue.
Enable direct internet breakout for all M365 “Optimize” and “Allow” category endpoints. Microsoft publishes these categories specifically to help network administrators prioritise traffic. The “Optimize” category covers Teams media, Exchange Online connectivity, and SharePoint/OneDrive — these should always bypass proxies and go direct. Configure Meraki to use split tunnelling so only non-M365 traffic traverses your VPN or MPLS links.
SD-WAN Performance Policies for M365 Applications
Meraki’s SD-WAN performance policies let you define how different M365 applications should behave across your WAN links. For each policy, you can set performance thresholds that trigger automatic path switching. For Teams, we recommend setting a latency threshold of 100ms, jitter threshold of 30ms, and packet loss threshold of 1%. If any link exceeds these thresholds, Meraki will automatically move Teams traffic to a better-performing path.
For SharePoint and OneDrive, the priority shifts from latency to throughput. Configure these services to prefer whichever WAN link offers the highest available bandwidth, which is particularly valuable during large file synchronisation operations or when multiple users are uploading documents simultaneously.
Traffic Shaping and QoS for Microsoft Teams
Microsoft Teams is the most network-sensitive application in the M365 suite. Poor call quality, video freezing, and dropped meetings are almost always caused by network issues rather than Microsoft service outages. Meraki’s traffic shaping engine gives you granular control over how Teams traffic is prioritised across your network.
Configuring QoS Policies for Teams Media Streams
Teams generates three distinct types of media traffic, each requiring different QoS treatment. Audio streams are the highest priority — they consume relatively little bandwidth (approximately 50–100 Kbps per call) but are extremely sensitive to latency and jitter. Video streams require more bandwidth (1.5–4 Mbps for HD video) and are moderately latency-sensitive. Screen sharing uses variable bandwidth depending on content complexity and is the most tolerant of the three.
In the Meraki dashboard, navigate to Security & SD-WAN > SD-WAN & Traffic Shaping and configure the following QoS settings for Teams:
| Traffic Type | DSCP Marking | Bandwidth Limit | Priority Level | Port Range |
|---|---|---|---|---|
| Teams Audio | EF (46) | Unlimited | Highest | UDP 50000–50019 |
| Teams Video | AF41 (34) | Per-user cap recommended | High | UDP 50020–50039 |
| Teams Screen Share | AF21 (18) | Per-user cap recommended | Medium | UDP 50040–50059 |
| SharePoint/OneDrive | AF11 (10) | Throttle during peak hours | Normal | TCP 443 |
| Exchange Online | AF31 (26) | Unlimited | High | TCP 443, 993, 587 |
| General M365 Web | CS0 (0) | Standard shaping | Normal | TCP 443 |
These DSCP markings align with Microsoft’s own recommendations and ensure that Teams audio always receives preferential treatment across your entire network path. On Meraki MR wireless access points, ensure that WMM (Wi-Fi Multimedia) is enabled so that DSCP markings are preserved over wireless connections — a step that many IT teams overlook.
Bandwidth Allocation and Per-Application Limits
Meraki’s traffic shaping allows you to set bandwidth limits and guarantees on a per-application basis. For a typical UK office with 50 users and a 200 Mbps internet connection, we recommend reserving at least 30% of bandwidth for Teams media traffic during business hours. This ensures that even when someone initiates a large SharePoint migration or bulk file upload, Teams calls remain crystal clear.
You can also configure per-client bandwidth limits to prevent any single user from monopolising available bandwidth. Setting a per-client cap of 20 Mbps for general browsing while leaving Teams traffic uncapped is an effective approach that maintains fairness without impacting call quality.
The most frequent mistake we see in UK deployments is routing Teams media traffic through a web proxy or SSL inspection appliance. This adds latency, breaks UDP connectivity, and destroys call quality. Microsoft explicitly states that Teams “Optimize” category traffic must bypass all proxy servers, SSL inspection, and packet inspection devices. Other common errors include failing to open the required UDP port ranges (50000–50059) on local firewalls, using TCP fallback instead of UDP for media streams, and neglecting to configure QoS on wireless access points where most Teams calls now originate.
Meraki Insight for Microsoft 365 SaaS Monitoring
One of Meraki’s most powerful features for M365 integration is Meraki Insight — a SaaS monitoring tool built directly into the dashboard. Insight provides end-to-end visibility into how your users experience Microsoft 365 applications, measuring performance from the client device through your local network, across the WAN, and into Microsoft’s cloud infrastructure.
Setting Up M365 Monitoring in Meraki Insight
To enable Insight monitoring for Microsoft 365, navigate to Insight > Web App Health in the Meraki dashboard. Add Microsoft 365 as a monitored application — Meraki provides pre-built profiles for M365, Teams, SharePoint, and Exchange that automatically track the correct endpoints. Insight then begins collecting performance data including HTTP response times, DNS resolution times, server processing times, and network round-trip times.
The real power of Insight is its ability to decompose the total user experience into distinct segments. If a Teams call is experiencing poor quality, Insight can show you whether the problem is on the local LAN (perhaps a congested wireless access point), the WAN link (high utilisation or packet loss), or Microsoft’s own infrastructure (a rare but not impossible scenario). This segmented view dramatically reduces troubleshooting time — from hours of guesswork to minutes of targeted investigation.
Proactive Alerting and Baseline Performance
Configure Insight alerts to notify your IT team when M365 performance drops below acceptable thresholds. We recommend setting alerts for when Teams response times exceed 200ms, when SharePoint page load times exceed 3 seconds, or when Exchange Online connectivity drops below 99.5% availability. These alerts can be sent via email, webhook, or integrated with your existing ITSM platform through the Meraki API.
Over time, Insight builds a performance baseline for each M365 application across each of your sites. This historical data is invaluable for capacity planning, SLA reporting, and identifying gradual performance degradation before it becomes a user-impacting incident. Several of our UK clients use Insight data in their monthly IT governance reports to demonstrate the value of their network investment to senior leadership.
Meraki MX Firewall Rules for Microsoft 365
Properly configuring your Meraki MX firewall is essential for M365 to function correctly. Microsoft publishes a regularly updated list of IP addresses and URLs that must be accessible from your network. Getting this wrong is one of the most common causes of M365 connectivity issues we encounter during deployments across the UK.
Microsoft’s Endpoint Categories
Microsoft classifies its M365 endpoints into three categories, each requiring different firewall treatment:
Optimize endpoints are the most critical. These cover Teams media, Exchange Online core connectivity, and SharePoint/OneDrive. They should bypass all proxies, firewalls with deep packet inspection, and SSL decryption. On your Meraki MX, create allow rules for the published IP ranges and ensure these rules sit at the top of your firewall policy so they are evaluated first.
Allow endpoints cover broader M365 functionality. These can pass through standard firewalls but should still bypass proxy servers where possible. The Meraki MX handles these well with its default outbound allow policy, but you should verify that no overly restrictive rules are blocking access to the required ports and protocols.
Default endpoints can be treated like normal internet traffic. They do not require special firewall rules and can be routed through standard proxies and security appliances.
Automating Endpoint Updates
Microsoft updates its endpoint list monthly, adding and removing IP addresses and URLs as their infrastructure evolves. Manually maintaining firewall rules for these changes is impractical and error-prone. Meraki’s integration with Microsoft’s endpoint service simplifies this — the dashboard automatically recognises M365 traffic through its application signatures, which are updated regularly by Cisco’s Talos intelligence team.
For organisations requiring more granular control, the Meraki API can be used to programmatically update firewall rules based on Microsoft’s endpoint web service. Several of our enterprise clients in the City of London run automated scripts that pull the latest endpoint data from Microsoft and push updated rules to their Meraki MX appliances across all branch locations — ensuring compliance without manual intervention.
Azure AD Integration with Meraki
Integrating Meraki with Microsoft Entra ID (formerly Azure Active Directory) creates a unified identity layer across your network and cloud services. This integration enables single sign-on for Meraki dashboard access, certificate-based authentication for wireless networks, and conditional access policies that combine network location awareness with identity verification.
SAML-Based Single Sign-On
Configure SAML authentication between Meraki and Entra ID to enable your IT administrators to access the Meraki dashboard using their existing Microsoft credentials. This eliminates the need for separate Meraki passwords, enforces your organisation’s MFA policies on dashboard access, and simplifies user lifecycle management — when an administrator leaves the organisation and their Entra ID account is disabled, their Meraki access is automatically revoked.
802.1X Wireless Authentication with Entra ID
Meraki MR access points support 802.1X authentication, which can be integrated with Entra ID through a RADIUS proxy or Microsoft NPS (Network Policy Server). This allows employees to connect to the corporate Wi-Fi network using their M365 credentials, with Meraki applying the appropriate group policies based on their Entra ID group membership. For example, members of the “Finance” group might receive access to the finance VLAN with higher bandwidth allocation, while “Guest” users are placed on a restricted VLAN with limited internet access.
Conditional Access and Network Awareness
By combining Meraki’s network data with Entra ID conditional access policies, you can create sophisticated access controls. For instance, you might allow unrestricted M365 access from devices connected to your Meraki-managed corporate network, but require additional MFA steps and restrict certain applications when users connect from unmanaged networks. This layered approach significantly strengthens your security posture without adding friction for on-premises users.
Optimised M365 Network (Meraki)
Unoptimised M365 Network
Monitoring M365 Performance Through the Meraki Dashboard
The Meraki dashboard provides several layers of M365 performance monitoring beyond Insight. Understanding how to use these tools effectively is essential for maintaining optimal M365 performance across your organisation.
Network-Wide Application Visibility
Under Network-wide > Traffic Analytics, Meraki provides a breakdown of all application traffic traversing your network. Filter by Microsoft 365 to see real-time and historical bandwidth consumption for each M365 service. This view helps identify unexpected usage patterns — for example, if OneDrive sync is consuming disproportionate bandwidth during business hours, you might schedule large sync operations for off-peak periods using Meraki’s time-based traffic shaping rules.
Client-Level Troubleshooting
When individual users report M365 issues, the Meraki client detail page provides a wealth of diagnostic information. You can see the client’s wireless signal strength, the access point they are connected to, their VLAN assignment, and a breakdown of their application usage. Combined with Insight data, this allows you to quickly determine whether a user’s Teams quality issues are caused by their wireless connection (perhaps they are too far from the nearest AP), a network-level problem (congestion or misconfiguration), or an upstream issue.
Event Logging and API Integration
Meraki’s event log captures every significant network event, from firewall blocks and DHCP assignments to VPN tunnel status changes and AP reboots. For M365 troubleshooting, pay particular attention to firewall deny events (which might indicate blocked M365 endpoints) and VPN tunnel flaps (which could explain intermittent connectivity for backhauled traffic). The Meraki API exposes this data programmatically, enabling integration with SIEM platforms like Microsoft Sentinel, Splunk, or Elastic for centralised security monitoring.
UK Business Case Studies
The real-world impact of integrating Meraki with Microsoft 365 is best illustrated through the experiences of UK organisations that have undertaken this journey.
Professional Services Firm in London (120 Users)
A mid-sized accounting firm in Canary Wharf was experiencing persistent Teams call quality issues across their three London offices. With 120 employees relying on Teams for client calls, internal collaboration, and video consultations, poor call quality was directly impacting client relationships and billable productivity. Their existing network consisted of single internet connections at each site with all traffic routed through a central firewall in their main office.
After deploying Meraki MX appliances with SD-WAN and dual internet connections at each site, the firm saw Teams call drop rates fall from 8% to under 0.3%. SharePoint response times improved by 65%, and the firm’s IT manager reported that M365-related support tickets dropped by over 70% in the first quarter. The total project cost, including three years of Meraki licensing, came to approximately £35,000 — a figure the firm’s partners considered excellent value against the productivity gains.
Multi-Site Retailer in the Midlands (15 Locations)
A retail chain with 15 stores across the West Midlands and 400 employees needed to standardise their M365 deployment. Each store had a different ISP, different networking equipment, and no centralised management. Teams was unusable at several locations, and OneDrive sync frequently failed during business hours, leaving staff working from outdated documents.
The Meraki deployment standardised networking across all 15 locations with MX security appliances, MR wireless access points, and MS switches. Meraki’s template-based configuration meant that M365 optimisation policies could be defined once and pushed to all sites simultaneously. Within weeks of deployment, Teams became fully functional at every location, OneDrive sync reliability reached 99.9%, and the central IT team gained complete visibility into network performance at every store through a single dashboard. The annual cost savings from eliminating disparate ISP management contracts and reducing on-site engineer visits exceeded £22,000.
NHS Trust in Yorkshire (2,000+ Users)
A large NHS Trust in Yorkshire was migrating from on-premises Exchange to Microsoft 365 as part of a broader digital transformation initiative. With over 2,000 staff across hospitals, clinics, and community health centres, the network needed to support mission-critical M365 services including Teams for clinical consultations, SharePoint for document management, and Intune for device management. The Trust deployed Meraki across 40+ sites with Insight monitoring, enabling the IT team to proactively identify and resolve M365 performance issues before they impacted clinical services. The integration with Entra ID and Meraki’s wireless authentication meant that clinical staff could move between sites and automatically reconnect to the network with the appropriate access policies applied.
Meraki M365 Integration Features at a Glance
| Feature | Meraki Product | M365 Benefit | Configuration Complexity |
|---|---|---|---|
| SD-WAN Path Selection | MX Security Appliance | Optimal routing for Teams media and M365 traffic | Low |
| Direct Internet Breakout | MX Security Appliance | Reduced latency for all M365 services | Low |
| Traffic Shaping & QoS | MX + MR | Prioritised Teams audio/video, fair bandwidth allocation | Medium |
| Meraki Insight | MX (with Insight licence) | End-to-end M365 performance visibility | Low |
| Firewall Policy Automation | MX Security Appliance | Automatic M365 endpoint recognition and allow rules | Low |
| SAML SSO with Entra ID | Dashboard + Entra ID | Unified admin access, MFA enforcement | Medium |
| 802.1X Wireless Auth | MR Access Points | M365 credential-based Wi-Fi, group policies | High |
| Application Visibility | MX + MR + MS | Per-app, per-user M365 bandwidth monitoring | Low |
| Auto VPN for Branch Sites | MX Security Appliance | Secure inter-site M365 access with one-click VPN | Low |
| API & Webhook Integration | Dashboard API | Automated monitoring, SIEM integration, custom alerts | High |
Planning Your Meraki and M365 Integration
Successfully integrating Meraki with Microsoft 365 requires careful planning and a phased approach. Based on our experience delivering these projects for UK organisations, we recommend the following methodology.
Phase 1: Assessment and Baseline (Weeks 1–2)
Before making any changes, establish a performance baseline for your current M365 experience. Use Microsoft’s Network Connectivity Test tool and the M365 Admin Centre’s network connectivity insights to measure current latency, throughput, and DNS resolution times to Microsoft’s services. Document existing network architecture, including WAN links, firewall rules, proxy configurations, and DNS settings at each site. This baseline data is essential for measuring the impact of your Meraki deployment and justifying the investment to stakeholders.
Phase 2: Design and Configuration (Weeks 2–4)
Design your Meraki deployment with M365 optimisation as a primary objective. This includes sizing MX appliances for each site based on user count and bandwidth requirements, planning SD-WAN topology with dual WAN links where possible, designing QoS policies for Teams and other M365 applications, and configuring Insight monitoring profiles. Create Meraki configuration templates so that consistent M365 policies can be applied across all sites without manual per-site configuration.
Phase 3: Deployment and Validation (Weeks 4–8)
Deploy Meraki appliances in a phased manner, starting with your largest or most problematic site. After each deployment, validate M365 performance against your baseline metrics. Pay particular attention to Teams call quality scores (accessible through the Teams Admin Centre call quality dashboard and correlated with Meraki Insight data), SharePoint response times, and OneDrive sync completion rates. Address any issues before proceeding to the next site.
Phase 4: Optimisation and Ongoing Management (Ongoing)
M365 optimisation is not a one-time activity. Microsoft regularly adds new services, changes endpoint requirements, and updates recommended network configurations. Schedule quarterly reviews of your Meraki M365 policies to ensure they remain aligned with Microsoft’s latest guidance. Use Insight trend data to identify capacity constraints before they impact performance, and proactively upgrade WAN links or adjust traffic shaping policies as your M365 usage grows.
Licensing and Costs for UK Businesses
Understanding the licensing requirements and associated costs is essential for budgeting. Meraki operates on a subscription model where hardware and licensing are sold separately. For M365 integration, the key licensing considerations are:
Meraki MX Licensing: Each MX appliance requires an active licence. The Advanced Security licence (required for SD-WAN and traffic shaping) starts at approximately £350 per year for the MX68, the most common model for small branch offices, rising to approximately £1,200 per year for the MX250 used in larger sites. Three-year and five-year terms offer significant discounts.
Meraki Insight Licensing: Insight requires a separate licence at approximately £150–£400 per MX per year depending on the model. Given the visibility it provides into M365 performance, we consider this essential for any serious M365 deployment.
Meraki MR Licensing: Wireless access points require their own licences, starting at approximately £120 per AP per year. For M365 optimisation, ensure all APs are licensed so QoS policies are consistently applied across your wireless infrastructure.
For a typical UK business with five branch offices, 200 users, and a full Meraki stack (MX, MR, MS), expect to budget between £15,000 and £25,000 per year for licensing, depending on the models deployed. While this represents a meaningful investment, the productivity gains and reduced IT support overhead from optimised M365 performance typically deliver a return within 12–18 months.
Future-Proofing Your M365 Network with Meraki
The Microsoft 365 platform continues to evolve rapidly. Copilot AI integration is driving increased demand for low-latency cloud connectivity. Microsoft Mesh and immersive meeting experiences will require even more bandwidth and lower latency than traditional Teams meetings. Loop components are increasing the real-time collaboration traffic across M365 applications. Meraki’s cloud-managed architecture is well-positioned for these changes — firmware updates, new application signatures, and enhanced SD-WAN capabilities are delivered automatically through the dashboard, ensuring your network keeps pace with M365’s evolution without requiring manual intervention at each site.
For UK businesses committed to Microsoft 365 as their productivity platform, investing in a properly configured Meraki network is one of the highest-impact technology decisions available. The combination of SD-WAN intelligent routing, granular QoS policies, Insight monitoring, and Entra ID integration creates a network that is purpose-built for M365 — delivering measurably better performance, significantly reduced IT overhead, and a foundation that scales with your business.
Optimise Your Microsoft 365 Network
Whether you are experiencing Teams call quality issues, slow SharePoint performance, or simply want to ensure your network is optimised for M365, our team of Meraki-certified engineers can help. Get in touch for a free network assessment and discover how Cloudswitched can transform your Microsoft 365 experience.
CloudSwitched
London-based managed IT services provider offering support, cloud solutions and cybersecurity for SMEs.