Meraki

Community

Local breakout of MS Teams when using EntraID with MX SecureConnect

Solved
Masaharu_K
Conversationalist
Sunday
Sunday

Local breakout of MS Teams when using EntraID with MX SecureConnect

I am connecting to SecureConnect in MX.
I want to set up a local breakout to improve VoIP quality.

 

Security &SD-WAN > SD-WAN & Traffic Shaping > Localbreakout> (outside VPN rule )Major applications

 

I have set “Skype &Teams” in this setting.
But it seems that the VPN is also excluding the authentication communication of EntraID other than the VoIP communication of Teams.

 

How is it in your environment?

 

I would like to have VPN to SecureConnect for EntraID authentication and local breakout for Teams only.

 

Labels:
0 Kudos
1 Accepted Solution
alemabrahao
Kind of a big deal
Monday
Monday

You can try setting up specific VPN exclusion rules to ensure that only VoIP traffic for Teams is excluded from the VPN, while authentication traffic for EntraID remains inside the VPN.

 

VPN Full-Tunnel Exclusion (Application and IP/URL Based Local Internet Breakout) - Cisco Meraki Docu...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

0 Kudos
4 Replies 4
alemabrahao
Kind of a big deal
Monday
Monday

You can try setting up specific VPN exclusion rules to ensure that only VoIP traffic for Teams is excluded from the VPN, while authentication traffic for EntraID remains inside the VPN.

 

VPN Full-Tunnel Exclusion (Application and IP/URL Based Local Internet Breakout) - Cisco Meraki Docu...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Masaharu_K
Conversationalist
Monday
Monday

Thanks for your advice!

 

I know that I can create rules by destination URL/IP for Teams.(Custom)

When specified on a per-application basis below, Traffics for EntraID other than Teams will also be broken out.

 

Masaharu_K_0-1743462699963.png

 

 

 

0 Kudos
In response to Masaharu_K
alemabrahao
Kind of a big deal
Tuesday
Tuesday

Yes, but you can add a specific URL or group of URLs.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Masaharu_K
Conversationalist
Tuesday
Tuesday

Thanks.

 

I will try to set specific URL of MS-Teams!

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.