How to monitor Microsoft 365 endpoint URLs using PowerShell

Microsoft 365 endpoints are the set of destination IP addresses, DNS domain names, and URLs for Microsoft 365 traffic on the Internet.

To optimize performance to Microsoft 365 cloud-based services, these endpoints need special handling by client browsers and the devices in our edge network. These devices include firewalls, SSL Break and Inspect and packet inspection devices, and data loss prevention systems.

By default, there are 3 core services: Exchange Online, SharePoint Online and OneDrive for Business, and Microsoft Teams. In addition, there is one critical set of endpoints that Office 365 cannot work without: the Microsoft 365 Common and Office Online URLs.

That makes a total of 4 core services. They form the core of Office 365, and the connectivity principles for them are easy to understand and straightforward to implement if all involved parties (the team that supports Office 365, the Security Services team, and the Network Services team) come together and implement them as per the guidelines.

Microsoft has defined 3 categories to establish connectivity principles: Optimize, Allow, and Default. For more information about the categories, please refer to https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-network-connectivity-principles?view=o365-worldwide#new-office-365-endpoint-categories

As per Microsoft documentation, endpoint data is updated at the beginning of each month, with new IP addresses and URLs published 30 days in advance of being active. This allows customers who do not yet have automated updates to complete their processes before new connectivity is required.

If any endpoint URLs have changed and you don't pick up the changes in your infrastructure, there will be an impact on the services that use the URLs that have been added.

Manually checking the endpoint URLs and finding what has changed from the previous version is a very tedious process, and you never know when the changes will happen, so you cannot tell when a manual check is due.

So in this blog post, I will show you how to monitor the endpoint URL changes and email the changed URLs, which can help you evaluate, configure, and stay up to date with changes.

I have used the Microsoft script and made the necessary updates to extract the changes that have happened recently, or since its previous version, and email them.

We can run this script as a scheduled task once every two weeks and email the changes in case anything is found.

The PowerShell script does the following:

  • Checks the version number of the current Office 365 Worldwide instance endpoints by calling the web service REST API.
  • Checks for a current version file at $Env:TEMP\O365_endpoints_latestversion.txt. The path of the global variable $Env:TEMP is usually C:\Users\<username>\AppData\Local\Temp.
  • If this is the first time the script has been run, the script returns the current version and all current IP addresses and URLs, writes the endpoints version to the file $Env:TEMP\O365_endpoints_latestversion.txt and the endpoints data output to the file $Env:TEMP\O365_endpoints_data.txt. You can modify the path and/or name of the output file by editing these lines:

$versionpath = $Env:TEMP + "\O365_endpoints_latestversion.txt"

$datapath = $Env:TEMP + "\O365_endpoints_data.txt"

  • On each subsequent execution of the script, if the latest web service version is identical to the version in the O365_endpoints_latestversion.txt file, the script exits without making any changes.
  • When the latest web service version is newer than the version in the O365_endpoints_latestversion.txt file, the script returns the endpoints and filters for the Allow and Optimize category endpoints, updates the version in the O365_endpoints_latestversion.txt file, and writes the updated data to the O365_endpoints_data.txt file.
  • The script generates a unique ClientRequestId for the computer it is executed on, and reuses this ID across multiple calls. This ID is stored in the O365_endpoints_latestversion.txt file.
  • The script checks for the URLs that have changed from their previous version and writes the changes to a CSV file.
  • The script emails the changes (CSV) file to the recipients.
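
The URL comparison step in the list above can be sketched as follows. This is an added example, not the author's script or Microsoft's: the function name Get-EndpointUrlChange, the CSV file name, and the sample hostnames are assumptions, and the two snapshots are constructed data using the field names (serviceArea, category, urls) of the endpoints web service output.

```powershell
# Added example: diff two endpoint snapshots and report URL changes
# for the Optimize and Allow categories only.
function Get-EndpointUrlChange {
    param(
        [object[]] $Previous,                          # older snapshot (may be empty on first run)
        [object[]] $Current,                           # newer snapshot
        [string[]] $Category = @('Optimize', 'Allow')  # categories worth alerting on
    )
    # Flatten a snapshot to "serviceArea|category|url" keys.
    $toKeys = {
        param($sets)
        foreach ($set in $sets) {
            if ($set.category -notin $Category) { continue }
            foreach ($url in $set.urls) {              # IP-only sets have no urls; loop is skipped
                '{0}|{1}|{2}' -f $set.serviceArea, $set.category, $url.ToLower()
            }
        }
    }
    $old = @(& $toKeys $Previous | Sort-Object -Unique)
    $new = @(& $toKeys $Current  | Sort-Object -Unique)
    # Emit one row per key present in $keys but missing from $other.
    $emit = {
        param($keys, $other, $change)
        foreach ($k in $keys) {
            if ($k -in $other) { continue }
            $area, $cat, $url = $k -split '\|', 3
            [pscustomobject]@{ Change = $change; ServiceArea = $area; Category = $cat; Url = $url }
        }
    }
    & $emit $new $old 'Added'      # needs a new firewall/proxy rule
    & $emit $old $new 'Removed'    # stale rule to review and retire
}

# Constructed sample snapshots (hostnames are placeholders, not real endpoints).
$previous = @'
[{"id":1,"serviceArea":"Exchange","category":"Optimize","urls":["mail.example.test"]},
 {"id":2,"serviceArea":"Skype","category":"Allow","urls":["*.teams.example.test","old.example.test"]},
 {"id":3,"serviceArea":"Common","category":"Default","urls":["cdn.example.test"]}]
'@ | ConvertFrom-Json
$current = @'
[{"id":1,"serviceArea":"Exchange","category":"Optimize","urls":["mail.example.test","smtp.example.test"]},
 {"id":2,"serviceArea":"Skype","category":"Allow","urls":["*.teams.example.test"]},
 {"id":3,"serviceArea":"Common","category":"Default","urls":["cdn.example.test","new-cdn.example.test"]}]
'@ | ConvertFrom-Json

$changes = @(Get-EndpointUrlChange -Previous $previous -Current $current)
$csvPath = Join-Path ([System.IO.Path]::GetTempPath()) 'O365_endpoint_url_changes.csv'  # hypothetical name
if ($changes.Count -gt 0) { $changes | Export-Csv -Path $csvPath -NoTypeInformation }
$changes | Format-Table -AutoSize
```

With the sample data this reports smtp.example.test as Added and old.example.test as Removed; the Default-category change is ignored. A URL that moves between categories appears as one Removed row and one Added row.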

Download the script (Office365-EndpointURL-Monitoring.ps1) from GitHub and edit it to update fields such as email, recipients (To and CC), and SMTP details so that you receive the emails. https://github.com/eskonr/MEMPowered/tree/master/Scripts/Office365

Script output:

References:

Office 365 changelog:

https://endpoints.office.com/version/worldwide?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7

For the latest version of the Office 365 URLs and IP address ranges: https://endpoints.office.com/version
