Office 365 Proxy PAC URLs

As you may be aware, Microsoft recommends that you bypass your proxy for URLs associated with Office 365. If you don’t, you may get some strange issues. Some we have seen include regular pop-up boxes asking you to log in when you are already logged in.

Microsoft says “To optimize performance to Office 365 cloud-based services, these endpoints need special handling by your client browsers and the devices in your edge network. These devices include firewalls, SSL Break and Inspect and packet inspection devices, and data loss prevention systems.”

The old XML file and RSS feed were stopped on October 2nd 2018 and were replaced with a REST-based web service and new RSS feed.

If you are using a PAC file then this may be the solution.

  1. PowerShellGallery has a script that you can use to generate a sample PAC file; download the script here
  2. Save this script with a suitable name; in our example it is called Office-365-PAC-URLs.ps1
  3. Run the following command in PowerShell. This uses the PowerShell script to connect to the Office 365 IP/URL web service and create a PAC file based on the data it returns.

.\Office-365-PAC-URLs.ps1 -Type 2 -Instance Worldwide -ClientRequestId b10c5ed1-bad1-445f-b386-b919946339a7

Example output once you run this :-

You can then copy this into a section of your existing PAC file. You may need to modify the “PROXY” address to match yours.

Note that the GUID for the ClientRequestID parameter in these URIs is only an example. To try the web service URIs out, generate your own GUID. The GUIDs shown in these examples may be blocked by the web service in the future. To generate a GUID, use the New-Guid PowerShell command.

Further Modifications (Optional)

You can modify the request to include your tenant name so that the correct URLs for your tenant are included. In the example below your tenant name is “Contoso” :-

.\Office-365-PAC-URLs.ps1 -Type 2 -Instance Worldwide -TenantName Contoso -ClientRequestId b10c5ed1-bad1-445f-b386-b919946339a7

You can also export the data straight into a sample PAC file by adding the -FilePath parameter to the end of the command. The example below creates a PAC file called type1.pac in the same location as your PowerShell script.

.\Office-365-PAC-URLs.ps1 -Type 2 -Instance Worldwide -ClientRequestId b10c5ed1-bad1-445f-b386-b919946339a7 -FilePath type1.pac

According to Microsoft this list is updated once a month – Microsoft updates the Office 365 IP address and FQDN entries at the end of each month and occasionally out of cycle for operational or support requirements. The data for each published instance is assigned a version number. The version web method lets you poll for the latest version for each Office 365 service instance. We recommend you check the version daily, or at the most, hourly. New versions should be expected at the start of each month. Sometimes due to support incident, security, or other operational requirements there will be new versions during the month.
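One way to follow that polling advice, as an added example rather than code from Microsoft or from this post: a script for a scheduled task that calls the version web method at https://endpoints.office.com/version and reruns the PAC script only when a new version is published. The state folder and file names are assumptions; the script name and the -Type, -Instance, -ClientRequestId and -FilePath parameters are the ones used above.

```powershell
$ErrorActionPreference = 'Stop'

$Instance  = 'Worldwide'
$StateDir  = Join-Path $env:ProgramData 'O365Pac'                # assumed state folder
$IdFile    = Join-Path $StateDir 'ClientRequestId.txt'
$VerFile   = Join-Path $StateDir "version-$Instance.txt"
$PacScript = Join-Path $PSScriptRoot 'Office-365-PAC-URLs.ps1'   # script saved in step 2
$PacFile   = Join-Path $StateDir 'type1.pac'
$NewPac    = "$PacFile.new"

New-Item -ItemType Directory -Path $StateDir -Force | Out-Null

# Generate our own GUID once with New-Guid and reuse it on every poll.
if (Test-Path $IdFile) {
    $ClientRequestId = (Get-Content $IdFile -Raw).Trim()
} else {
    $ClientRequestId = (New-Guid).Guid
    Set-Content -Path $IdFile -Value $ClientRequestId
}

# Version web method: returns JSON whose "latest" field is a YYYYMMDDNN version.
$uri    = "https://endpoints.office.com/version/${Instance}?ClientRequestId=$ClientRequestId"
$latest = [string](Invoke-RestMethod -Uri $uri -TimeoutSec 30).latest
if ($latest -notmatch '^\d{10}$') { throw "Unexpected version value: '$latest'" }

$current = if (Test-Path $VerFile) { (Get-Content $VerFile -Raw).Trim() } else { '0' }
if ([long]$latest -le [long]$current) {
    Write-Output "No change (version $current)."
    return
}

# New version: build the PAC beside the live one so a failed run never replaces it.
& $PacScript -Type 2 -Instance $Instance -ClientRequestId $ClientRequestId -FilePath $NewPac
if (-not (Test-Path $NewPac) -or (Get-Item $NewPac).Length -eq 0) {
    throw "PAC generation produced no output; keeping the existing file."
}

# Every added entry is traffic that will skip proxy inspection, so log the delta for review.
if (Test-Path $PacFile) {
    Compare-Object (Get-Content $PacFile) (Get-Content $NewPac) |
        ForEach-Object { Write-Output "$($_.SideIndicator) $($_.InputObject)" }
}

Move-Item -Path $NewPac -Destination $PacFile -Force
Set-Content -Path $VerFile -Value $latest
Write-Output "PAC updated from version $current to $latest."
```

The generated type1.pac still has to be merged into your production PAC file as described above; the logged delta shows which lines changed since the previous version.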

For further information about the web service, please read the Microsoft documents “Managing Office 365 endpoints” and “Office 365 IP Address and URL Web Service”.

Duncan Newell

Duncan is a technology professional with over 20 years’ experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
