You are looking to use Office 365 or Azure Services, though you are wondering how you can seggregate workloads from travelling over public networks… With ExpressRoute, you are able to ensure that certain services are only accessible via your private virtual networks!
This possibility is possible for all Azure Services, except the following ;
- Content Delivery Network
- Visual Studio Online Load Testing
- Multi-factor Authentication
So connectivity to virtual machines and cloud services deployed in virtual networks are supported over the private peering path. The same goes for Azure Websites and all other services are accessible.
When looking towards Office365, the following services are supported ;
- Exchange Online & Exchange Online Protection
- SharePoint Online
- Skype for Business Online
- Office Online
- Azure AD & Azure AD Sync
- Office 365 Video
- Power BI
- Delve
- Project Online
The following Office 365 services are not supported ;
- Yammer
- Office 365 ProPlus client downloads
- On-premises Identity Provider Sign-In
- Office 365 (operated by 21 Vianet) service in China
(Though you can connect to these services over the internet)
Source ; ExpressRoute FAQ
Karim Vaes 