WiFi / Firewall Private K-12 School May 2026

AI-Assisted Network Troubleshooting: a Private K-12 School

WyeBot WiFi Intelligence + Cora AI console

Outcome: Wired Office 365 pass rate improved from 71% to 82% (+11%) in under 30 minutes

Executive Summary

Using the CmdNOC MSP Control Center's integrated WiFi Intelligence and AI Console, JBE Systems identified, diagnosed, and resolved a persistent Office 365 connectivity issue affecting wired network clients at Private K-12 School — without a single user complaint, without a support ticket, and without manually logging into any network device. The entire investigation and remediation was completed in under 30 minutes using portal-native tools.


The Environment

Private K-12 School operates one of the most demanding network environments in the its region:


The Problem

During routine portal monitoring, the CmdNOC MSP Control Center's WiFi Intelligence page — powered by WyeBot's cloud API — surfaced a troubling metric buried in the network test analytics:

Wired Network — Office 365 Tests
Pass Rate: 71%
Tests Failed: 83 of 292

Nearly 1 in 3 wired Office 365 connectivity tests were failing — yet no users had called. No tickets had been opened. The issue was invisible to traditional monitoring.

The WiFi Intelligence page displayed this alongside the broader network health picture:

NetworkPass RateStatus
Student-WiFi (iPad)99%✅ Healthy
Staff-WiFi (Staff WiFi)99%✅ Healthy
Wired84%⚠️ Degraded
Wired — Office 36571%🔴 Critical

The contrast was stark: wireless clients connecting to Office 365 passed 99% of tests. Wired clients — staff workstations, lab computers, administrative systems — were failing nearly a third of the time.


The Investigation

Rather than immediately logging into network devices or making configuration changes, the NOC engineer opened the Cora AI console — the portal's integrated AI assistant — and asked a single question:

"Cora, the Wired network is only passing Office 365 tests at 71%. What could be causing this and what should I look at first?"

Cora — drawing on live WyeBot sensor data, Cisco infrastructure metrics, Meraki security event history, and institutional knowledge of the the network — responded immediately with a prioritized diagnosis:

"A 71% pass rate on wired Office 365 tests is definitely worth investigating — that's nearly 1 in 3 tests failing, which means real users are experiencing real pain. Most Likely Culprits (in priority order): 1. Firewall / SSL Inspection Interference — The MX450 doing deep packet inspection on O365 traffic is a classic culprit. Microsoft publishes a list of endpoints that must bypass SSL inspection — if those are being intercepted, auth tokens and connections break. 2. DNS Resolution Issues — Office 365 is extremely sensitive to DNS. Test resolution speed for outlook.office365.com and login.microsoftonline.com. 3. MTU / Fragmentation Problems — Wired clients hitting MTU mismatches through the Nexus 9000 cores can cause O365 packet fragmentation. 4. Nexus 9000 Core Health — The cores were recently reloaded due to a firmware bug. Check interface error counters on N9K-CORE-1 and CORE-2."

What made this remarkable was not just the accuracy of the diagnosis — it was the specificity. Cora knew the the network had recently experienced a core reload. She knew the MX450 had AMP and IDS/IPS enabled. She referenced the specific Nexus core hostnames and management IPs. This wasn't generic networking advice — it was institutional knowledge applied to a specific, known environment.


Systematic Elimination

Following Cora's prioritized list, the NOC engineer methodically eliminated each suspect:

Step 1 — DNS Resolution

nslookup login.microsoftonline.com
→ Resolved in 8ms via BGPRDC-02 ✅
nslookup outlook.office365.com
→ Resolved in 6ms via BGPRDC-02 ✅

DNS eliminated as a cause.

Step 2 — Nexus Core Interface Errors

N9K-CORE-1# show interface counters errors
→ Zero align errors, zero FCS errors,
  zero receive errors, zero transmit errors ✅

Hardware eliminated as a cause.

Step 3 — HTTPS Connectivity

Test-NetConnection login.microsoftonline.com -Port 443
→ TcpTestSucceeded: True ✅
Test-NetConnection outlook.office365.com -Port 443
→ TcpTestSucceeded: True ✅

Basic connectivity confirmed working.

Step 4 — MX450 Security Configuration Audit

Using the portal's Meraki API integration, a read-only audit of the MX450 production firewall was performed:

AMP/Malware:       ENABLED
  Microsoft URLs:  NONE in bypass list ❌
IDS/IPS:           ENABLED (prevention/balanced)
  Microsoft IPs:   NONE in whitelist ❌
Content Filtering: ENABLED (16 categories blocked)
  Microsoft URLs:  NONE in allowed list ❌
  Invalid entries: azureCloud.eastus2 (no-op)
                   azureCloud.centralus (no-op)

Root cause confirmed: The MX450's AMP scanning and content filtering were intercepting Microsoft 365 traffic on wired clients. Wireless clients on Staff-WiFi (99% O365 pass rate) were unaffected because they traversed a different security policy path.


The Remediation

With root cause confirmed, the portal's Meraki API integration was used to apply Microsoft's officially recommended bypass exceptions directly from the NOC portal — no dashboard login required.

Changes applied to MX450 Production:

Content Filtering — Added 19 Microsoft domains to allowed list:

*.microsoft.com        *.microsoftonline.com
*.office.com           *.office365.com
*.outlook.com          *.sharepoint.com
*.teams.microsoft.com  *.onmicrosoft.com
*.skype.com            *.lync.com
*.officeapps.live.com  *.windows.net
*.azureedge.net        *.cdn.office.net
*.live.com             *.azure.com
login.live.com         outlook.office365.com
smtp.office365.com

AMP/Malware — Added 14 Microsoft domains to bypass list with comment: "Microsoft 365 bypass"

Housekeeping performed simultaneously:

Total time from audit to remediation: under 10 minutes.


The Results

Within one WyeBot test cycle following the changes:

MetricBeforeAfterImprovement
Overall pass rate91%95%+4%
Wired overall84%91%+7%
Wired Office 36571%82%+11%
Student-WiFi (iPad)99%100%+1%
Staff-WiFi Staff WiFi99%99%Stable

No regressions. No disruptions. No user impact during remediation.


Key Observations

1. Proactive vs Reactive

This issue was identified and resolved before a single user complained. Traditional monitoring would have missed it entirely — the network was "up" by every conventional metric. Only WyeBot's continuous application-layer testing revealed the degradation.

2. AI-Accelerated Diagnosis

Cora compressed what could have been hours of manual investigation into minutes. By drawing on live sensor data, infrastructure metrics, and institutional network knowledge simultaneously, she eliminated red herrings and pointed directly at the root cause.

3. Safe, Audited Remediation

Every change was made via the portal's API integration with full read-modify-write safety — no existing rules were overwritten, no JAMF or other bypass rules were disturbed, and a complete snapshot was saved before any change was applied. Full rollback capability was preserved throughout.

4. Compound Value

The investigation uncovered two bonus issues resolved simultaneously:


Remaining Opportunities

IssueCurrent ScoreNext Step
Wired DNS Performance82%Investigate external DNS latency on wired path
Wired Speedtest79%Evaluate bandwidth allocation and QoS policy
Wired G-Suite89%Investigate shared upstream path with O365

Conclusion

This case study demonstrates the compounding value of integrated NOC intelligence. No single tool solved this problem — it was the combination of:

The CmdNOC MSP Control Center didn't just fix a problem. It found a problem that nobody knew existed, diagnosed it in minutes, fixed it safely, and improved the network experience for every wired user at Private K-12 School — all before the first support ticket was ever opened.


"The best network problems are the ones your users never have to report."


JBE Systems — CmdNOC MSP Control Center v1.7.1 Powered by Meraki + WyeBot + Cisco + Datto + Cora AI noc.commandnoc.com

Case study prepared May 7, 2026 Classification: Internal / Client Shareable