This post is also available in Deutsch
The analysis of firewall logs in Office 365 projects repeatedly raises the question: Is this blocked IP address part of the Office 365 address range?
Thanks to PowerShell and the information published by Microsoft, the answer is only a few lines of code away.
My script “Test-IsO365IpAddress.ps1” simply needs the IP address in question and optionally the TCP/UDP port. It retrieves the current list of address ranges from Microsoft and checks if the IP address is part of one of the IP networks. If this is the case, the script outputs all services that use this network.
If a port was also specified as part of the command the output will be filtered.
In addition to the service name (e.g. “Exchange Online”), the category (Optimize, Allow or Default), the required ports, the subnet and the somewhat obsolete “Required” category are also displayed.
Equipped with this data, the visit to the firewall team should be successful.
Many thanks also to Luben Kirov who allowed my to use his network functions to analysis the IP networks fast and reliable and Siva Padisetty whose function checkSubnet I used as inspiration for my own implementation.
Ich arbeite als IT Consultant bei Aequitas Integration und habe einen Fokus auf die Microsoft Enterprise Produktpalette.
Jedoch beschäftige ich mich schon lange auch mit Linux und finde auch die unteren OSI Schichten interessant.