Validate Office 365 client or server connectivity by scanning the endpoints as released on the JSON API

Trouble shooting client connectivity from clients or servers to Office 365 was allways a little bit hard to do when enterprise company’s have their firewalls setup to not open all trafiic to Office 365. Microsoft allways had a site and RSS so you could follow wich url`s, and ip`s you should have opened.

Right now the old site has been deprecated and a new JSON API has been made availeble. We can levarage this API to pull all endpoint data from this API and start probing if we can reach the endpoint or not if you have any connectivy issues or just want to test if you can connect.

For this purpose i have created a PowerShell function that will do this testing for you. As the source is the JSON API it allways tests with the latest information. The function also supports the exporting of the JSON data on a internet connected machine  and using that data as import on a server / client behind a proxy or strict internet firewall.

The function still has a few issues while scanning all endpoints due to the JSON API also publisches wildcard url`s and IP CIDR ranges. In case of a wildcard url the function will remove the wildcard and probe the base URL In case of a CIDR range larger than /31 it will probe the first IP in the range.

As the function returns the exact endpoints and JSON data for endpoints it can not connect, enhanced with data if it is a wildcard or IP range, you can use “Group-Object” to view the results per catogory. As a best practice when using this test function all single IP`s and FQDNs should connect. For all Ranges or wildcard URLS you could investigate.

Samples  of the script runtime with verbose logging on:

Sample of the script result report and returning values:

You can find the function in the script repository or on the TechNet gallery 

Leave a Reply

Your email address will not be published. Required fields are marked *