5 Benefits of Using Zscaler Internet Access and Microsoft 365 Together

Zscaler Internet Access (ZIA) is a Secure Web Gateway as a Service offering from Zscaler Inc. It is a key component of the Zscaler SASE platform called “Zero Trust Exchange”. Zscaler Internet Access offers companies a comprehensive cloud-based security package that protects all (mobile) users and company locations from web and internet threats. Zscaler and Microsoft have had a close partnership for years, working together to enable secure cloud transformations for companies of all sizes. In 2019, Zscaler was named a certified partner in the Microsoft 365 Networking Partner Program, demonstrating that Zscaler meets Microsoft 365 requirements, recommendations, and best practices.

In this article, I would like to highlight some of the key benefits of using Zscaler Internet Access with Microsoft 365.

1. Enabling secure local internet breakouts

The Microsoft 365 Network Connectivity Principles states that many corporate networks are still designed so that network traffic is routed to a central hub for security inspection before it reaches the Internet (hub-and-spoke architecture). To achieve optimal performance for M365 services, Microsoft recommends local internet breakouts to shorten network paths and allow users to access the nearest M365 entry point. However, numerous local internet breakouts bring new challenges for companies. It is now necessary to provide consistent security measures for all breakouts. The traditional appliance-based NGFW approach is expensive, difficult to manage, and unable to deliver the required performance. This is where Zscaler Internet Access comes into play. ZIA moves the security stack to the cloud, enabling secure local internet breakouts – every bit and byte of internet-connected data traffic in your company is secured and checked.

2. Microsoft-Recommended One Click Office 365 Configuration

Zscaler Internet Access offers a feature called “Microsoft-Recommended One Click Office 365 Configuration” that ensures that all Office 365 traffic is identified by IP address and fully qualified domain name (FQDN). This makes it easy for companies to adhere to Microsoft’s connectivity principles.

Once this feature is enabled, the following will take effect:

  • A predefined ruleset for Office 365 traffic is created, ensuring that your policy set handles Office 365 traffic as Microsoft recommends. This is how e.g. B. Office 365 traffic is excluded from SSL inspection.
  • ZIA fingerprints Office 365 applications and displays all this information on the Office 365 dashboard to give you detailed insights into how your organization is using O365 services.
  • ZIA exchanges the destination IP address with the closest CDN destination for the application to ensure a better user experience. In addition, DNS optimization is carried out automatically. Zscaler has a peering partnership with Microsoft and ensures minimal hops to Microsoft Cloud Services.

Enabling this feature is literally a click away in the Zscaler Internet Access Admin Portal.

3. Tenancy Restriction for Microsft 365 Services

Zscaler Internet Access’s tenancy restriction feature allows organizations to restrict access to personal and work Microsoft accounts based on the Azure AD tenant that the application uses for authentication. This way, the organization can ensure that its users only get access to approved M365 resources. Implementing this feature is very simple. By the way, it doesn’t just work for M365. Other non-corporate instances of popular cloud services such as Google Apps and Dropbox can also be automatically blocked.

4. Bandwith Control to control traffic flow

Zscaler Internet Access’s bandwidth control feature allows you to always have enough bandwidth for your mission-critical M365 applications across all company locations. With Zscaler’s reporting capabilities, it’s easy to identify bandwidth limitations and take necessary actions, such as: For example, limit the impact of streaming, social media, and file sharing by tailoring bandwidth control policies to your business needs.

5. Integration with Microsoft Cloud App Security MCAS (now called Microsoft Defender for Cloud Apps)

Microsoft Defender for Cloud Apps is Microsoft’s CASB solution. It can be tightly integrated with Zscaler Internet Access. Zscaler forwards logs to Microsoft Defender for Cloud Apps, where all cloud apps can be discovered, classified and controlled through policies. These policies are queried via API and enforced inline by Zscaler Cloud App Control.

Combined, these two solutions provide a very seamless cloud service discovery experience, ensuring your users are only using your M365 services and not alternative cloud services that may pose a risk to your organization’s sensitive data.


Zscaler Internet Access is designed to provide direct access to the cloud for internet-based applications such as Microsoft 365. Through the strong partnership with Microsoft and adherence to their network connectivity principles, it can be a real relief for your M365 deployment. Please feel free to contact us if you need advice on Zscaler Internet Access

Picture of Dennis Kionga

Dennis Kionga


Dennis is managing director at Cloud Cape, an IT services company that implements and operates future-proof IT security and cloud solutions. Previously, he worked as Business Development Manager in the Lufthansa Group, where he took responsibility for the global sales of outsourcing solutions for airlines. He completed his studies at the University of Mannheim and earned a Master of Laws (LL.M.) and a postgraduate certificate in project management from the University of Cape Town. During his career he had longer stays abroad in Portugal, the Czech Republic and South Africa.



Picture of Dennis Kionga

Dennis Kionga


Über Cloud Cape

We help companies create transparency in their own IT landscape and accompany them on the path to secure digital transformation. As a ‘cloud-first’ company, we specialize in cloud solutions and cloud security.

Follow us