Office 365 Endpoint IP Address and URL Service

In the era of the cloud, service releases and changes are nearly constant. Microsoft Office 365 could not be an exception, especially with the large and increasing number of services and millions of users.

But some of those changes and releases sometimes cause issues with on-premises infrastructure that is not property configured. Today I am going to focus on the networking side of things and talk about allowing access to Office 365 services from firewall and proxy servers.

The first thing you'll need to permit access to Office 365 services from your on-premises machines is to know the service endpoints and by endpoints I mean IP addresses and URLs. Fortunatelly, this information is available from Microsoft in this  article so the only thing you'll have to do is read through it, get the information for the services you're using and configure your proxy server and firewall.

That's easy, what happens though when that information is updated? This is where the problems start. First of all, you'll have to know that a change is about to happen (or already has) and then update your configuration accordingly. Easier said than done...

In the past, Microsoft published and XML file that contained all the endpoints and their details but for a while now it has been replaced by a web service. You can query this web service and get the latest version of the endpoints and even proxy PAC files.

Let's see how we can get this information using Powershell!

First off, we create a new GUID for the request and then request the data from the service. The responce is in JSON format and in order to make things easier, we convert it to an object.

$clientID = [GUID]::NewGuid()

Invoke-WebRequest -Uri "https://endpoints.office.com/endpoints/worldwide?clientrequestid=$($clientID.ToString())" |
    ConvertFrom-Json

You should get an output similar to the below: 

id:1
serviceArea:Exchange
serviceAreaDisplayName:Exchange Online
urls:{outlook.office.com, outlook.office365.com}
ips:{13.107.6.152/31, 13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20...}
tcpPorts:80,443
expressRoute:True
category:Optimize
required:True
id:2
serviceArea:Exchange
serviceAreaDisplayName:Exchange Online
urls:{smtp.office365.com}
ips:{13.107.6.152/31, 13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20...}
tcpPorts:587
expressRoute:True
category:Allow
required:True


Now that we have the array of the endpoints and their information we can automatically update the settings on the networking devices and make sure that our users and systems can reach the Office 365 services they need to.

Now, most of the major networking vendors have already updated their software and are able to access the above information so that you don't have to. Many of them - such as CheckPoint - even provide the services as objects in their configuration tools!

Popular posts from this blog

Domain Controller Machine Password Reset

Managing Active Directory User Certificates using PowerShell

Configuring a Certificate on Exchange Receive Connector