Executive Summary
Using the CmdNOC MSP Control Center's integrated WiFi Intelligence and AI Console, JBE Systems identified, diagnosed, and resolved a persistent Office 365 connectivity issue affecting wired network clients at Private K-12 School — without a single user complaint, without a support ticket, and without manually logging into any network device. The entire investigation and remediation was completed in under 30 minutes using portal-native tools.
The Environment
Private K-12 School operates one of the most demanding network environments in the its region:
- 1,500+ students on a 1:1 iPad program
- 62 Meraki access points across campus
- 4 WyeBot WiFi sensors providing continuous network intelligence
- Cisco Nexus 9000 series core switching infrastructure
- Meraki MX450 enterprise firewall with AMP, IDS/IPS, and content filtering
- Microsoft 365 as the primary productivity platform for staff and students
The Problem
During routine portal monitoring, the CmdNOC MSP Control Center's WiFi Intelligence page — powered by WyeBot's cloud API — surfaced a troubling metric buried in the network test analytics:
Wired Network — Office 365 Tests
Pass Rate: 71%
Tests Failed: 83 of 292
Nearly 1 in 3 wired Office 365 connectivity tests were failing — yet no users had called. No tickets had been opened. The issue was invisible to traditional monitoring.
The WiFi Intelligence page displayed this alongside the broader network health picture:
| Network | Pass Rate | Status |
|---|---|---|
| Student-WiFi (iPad) | 99% | ✅ Healthy |
| Staff-WiFi (Staff WiFi) | 99% | ✅ Healthy |
| Wired | 84% | ⚠️ Degraded |
| Wired — Office 365 | 71% | 🔴 Critical |
The contrast was stark: wireless clients connecting to Office 365 passed 99% of tests. Wired clients — staff workstations, lab computers, administrative systems — were failing nearly a third of the time.
The Investigation
Rather than immediately logging into network devices or making configuration changes, the NOC engineer opened the Cora AI console — the portal's integrated AI assistant — and asked a single question:
"Cora, the Wired network is only passing Office 365 tests at 71%. What could be causing this and what should I look at first?"
Cora — drawing on live WyeBot sensor data, Cisco infrastructure metrics, Meraki security event history, and institutional knowledge of the the network — responded immediately with a prioritized diagnosis:
"A 71% pass rate on wired Office 365 tests is definitely worth investigating — that's nearly 1 in 3 tests failing, which means real users are experiencing real pain. Most Likely Culprits (in priority order): 1. Firewall / SSL Inspection Interference — The MX450 doing deep packet inspection on O365 traffic is a classic culprit. Microsoft publishes a list of endpoints that must bypass SSL inspection — if those are being intercepted, auth tokens and connections break. 2. DNS Resolution Issues — Office 365 is extremely sensitive to DNS. Test resolution speed for outlook.office365.com and login.microsoftonline.com. 3. MTU / Fragmentation Problems — Wired clients hitting MTU mismatches through the Nexus 9000 cores can cause O365 packet fragmentation. 4. Nexus 9000 Core Health — The cores were recently reloaded due to a firmware bug. Check interface error counters on N9K-CORE-1 and CORE-2."
What made this remarkable was not just the accuracy of the diagnosis — it was the specificity. Cora knew the the network had recently experienced a core reload. She knew the MX450 had AMP and IDS/IPS enabled. She referenced the specific Nexus core hostnames and management IPs. This wasn't generic networking advice — it was institutional knowledge applied to a specific, known environment.
Systematic Elimination
Following Cora's prioritized list, the NOC engineer methodically eliminated each suspect:
Step 1 — DNS Resolution
nslookup login.microsoftonline.com
→ Resolved in 8ms via BGPRDC-02 ✅
nslookup outlook.office365.com
→ Resolved in 6ms via BGPRDC-02 ✅
DNS eliminated as a cause.
Step 2 — Nexus Core Interface Errors
N9K-CORE-1# show interface counters errors
→ Zero align errors, zero FCS errors,
zero receive errors, zero transmit errors ✅
Hardware eliminated as a cause.
Step 3 — HTTPS Connectivity
Test-NetConnection login.microsoftonline.com -Port 443
→ TcpTestSucceeded: True ✅
Test-NetConnection outlook.office365.com -Port 443
→ TcpTestSucceeded: True ✅
Basic connectivity confirmed working.
Step 4 — MX450 Security Configuration Audit
Using the portal's Meraki API integration, a read-only audit of the MX450 production firewall was performed:
AMP/Malware: ENABLED
Microsoft URLs: NONE in bypass list ❌
IDS/IPS: ENABLED (prevention/balanced)
Microsoft IPs: NONE in whitelist ❌
Content Filtering: ENABLED (16 categories blocked)
Microsoft URLs: NONE in allowed list ❌
Invalid entries: azureCloud.eastus2 (no-op)
azureCloud.centralus (no-op)
Root cause confirmed: The MX450's AMP scanning and content filtering were intercepting Microsoft 365 traffic on wired clients. Wireless clients on Staff-WiFi (99% O365 pass rate) were unaffected because they traversed a different security policy path.
The Remediation
With root cause confirmed, the portal's Meraki API integration was used to apply Microsoft's officially recommended bypass exceptions directly from the NOC portal — no dashboard login required.
Changes applied to MX450 Production:
Content Filtering — Added 19 Microsoft domains to allowed list:
*.microsoft.com *.microsoftonline.com
*.office.com *.office365.com
*.outlook.com *.sharepoint.com
*.teams.microsoft.com *.onmicrosoft.com
*.skype.com *.lync.com
*.officeapps.live.com *.windows.net
*.azureedge.net *.cdn.office.net
*.live.com *.azure.com
login.live.com outlook.office365.com
smtp.office365.com
AMP/Malware — Added 14 Microsoft domains to bypass list with comment: "Microsoft 365 bypass"
Housekeeping performed simultaneously:
- Removed 2 invalid
azureCloud.*entries (no-ops) - Preserved all 5 existing JAMF entries
- Preserved all 16 blocked URL categories
- Preserved all 10 blocked URL patterns
- IDS/IPS left unchanged (no preemptive whitelist)
- L3 firewall left unchanged (default-allow already permits MS)
Total time from audit to remediation: under 10 minutes.
The Results
Within one WyeBot test cycle following the changes:
| Metric | Before | After | Improvement |
|---|---|---|---|
| Overall pass rate | 91% | 95% | +4% |
| Wired overall | 84% | 91% | +7% |
| Wired Office 365 | 71% | 82% | +11% |
| Student-WiFi (iPad) | 99% | 100% | +1% |
| Staff-WiFi Staff WiFi | 99% | 99% | Stable |
No regressions. No disruptions. No user impact during remediation.
Key Observations
1. Proactive vs Reactive
This issue was identified and resolved before a single user complained. Traditional monitoring would have missed it entirely — the network was "up" by every conventional metric. Only WyeBot's continuous application-layer testing revealed the degradation.
2. AI-Accelerated Diagnosis
Cora compressed what could have been hours of manual investigation into minutes. By drawing on live sensor data, infrastructure metrics, and institutional network knowledge simultaneously, she eliminated red herrings and pointed directly at the root cause.
3. Safe, Audited Remediation
Every change was made via the portal's API integration with full read-modify-write safety — no existing rules were overwritten, no JAMF or other bypass rules were disturbed, and a complete snapshot was saved before any change was applied. Full rollback capability was preserved throughout.
4. Compound Value
The investigation uncovered two bonus issues resolved simultaneously:
- Two invalid
azureCloud.*content filter entries (silent no-ops for years) - Four duplicate L3 default rules (now cleaned to a single canonical entry)
Remaining Opportunities
| Issue | Current Score | Next Step |
|---|---|---|
| Wired DNS Performance | 82% | Investigate external DNS latency on wired path |
| Wired Speedtest | 79% | Evaluate bandwidth allocation and QoS policy |
| Wired G-Suite | 89% | Investigate shared upstream path with O365 |
Conclusion
This case study demonstrates the compounding value of integrated NOC intelligence. No single tool solved this problem — it was the combination of:
- WyeBot surfacing an invisible application-layer failure
- Cora correlating live data across multiple systems to identify root cause
- Meraki API integration enabling safe, audited remediation without manual device access
- Portal architecture tying all of these together in a single operational interface
The CmdNOC MSP Control Center didn't just fix a problem. It found a problem that nobody knew existed, diagnosed it in minutes, fixed it safely, and improved the network experience for every wired user at Private K-12 School — all before the first support ticket was ever opened.
"The best network problems are the ones your users never have to report."
JBE Systems — CmdNOC MSP Control Center v1.7.1 Powered by Meraki + WyeBot + Cisco + Datto + Cora AI noc.commandnoc.com
Case study prepared May 7, 2026 Classification: Internal / Client Shareable