I was talking to a client yesterday and asked how their infrastructure was coping with mass working from home. By a stroke of luck, they have moved their mail and SharePoint to Office 365 (or whatever Microsoft have decided to call it this week) and split tunnelling on their VPN so a lot of traffic doesn’t have to go in and out of their gateways. The UK NCSC are now using this kind of configuration in their guidance:
[…] Managed tunnels follow this approach. By default, all your traffic goes down the VPN where you have confidence in how it’s configured. However, for higher bandwidth tasks, or specific services where you have more trust that they’re well configured (e.g. doing all the right “stuff” with TLS), you can allow that traffic outside of the VPN to help you scale up.
As we cover in the updated guidance, this approach can be sensible if it meets a couple of tests that we describe. However, support for this is currently limited to Windows 10 1909 and upwards.