It's surprising that there's been almost no report on the topology of the affected network, and how that ultimately contributed to the large-scale effects of this incident.
As with most universities, Exeter University widely uses public IP addresses in it's 18.104.22.168/16 primary network allocation for connected devices (this huge subnet means there's no technical requirement for any address translation since they're a long way from subnet exhaustion).
However, the University regularly uses /21 (255.255.248.0) subnets internally, with insufficient segregation [with VLANs] of logical segments. In addition, many network segments are wired in long spurs, which means that isolating one network segment may necessarily require isolation of cascaded segments which needn't have been architechted in that way.
Finally, and arguably most importantly, the university uses no internally firewalling of it's subnets in their central routing platform (think: zoned firewalls). There is firewalled access for traffic originating outside their primary /16 network, but that still leaves 65k+ addresses all of which can directly connect to each other. To my knowledge there is little or no IDP or traffic monitoring across segments, although this only helps if you actually segregate your networks at the Layer 2 & Layer 3 level.
Certainly, there's no excuse for an attack which (ostensibly) only affects Windows workstations and servers to mean that VoIP networks should be affected, and indeed it should be possible on any corporate network to leave VoIP up and running, even if there's shared infrastructure.
Finally, you have to wonder how the majority of network connected Windows machines went un-patched.
Just my $0.02, but didn't seem that anyone else was saying it.