Test connectivity to various Azure and O365 services

When starting the journey to the cloud, then connectivity is the most important point. Azure consist of thousands of endpoints which also can change daily. Therefore, Microsoft build a webservice to provide you always with an up to date list, which is used by a lot of firewall/proxy vendors to provide you an easy way to allow connections to all O365 services in their products. But often I experience, that the network team not opens all URLs as requested. So, we need a possibility to test this in before an engagement starts. In this blog post I explain how you can do this with the Modern Workplace Client Center (MWCC) PowerShell Module.

The source code can be found on GitHub and the PowerShell Module is available in the PowerShell Gallery.

Basics

You can request all Office 365 endpoints with the following command:

$Endpoints = Invoke-WebRequest -Uri https://endpoints.office.com/endpoints/worldwide?clientrequestid=$(New-Guid)
$Endpoints.Content | ConvertFrom-Json

The list of Office 365 endpoints look like displayed in the following screenshot:

But as you can see with this list, it’s complicated to do connectivity tests because:

  • Some URL’s contain wildcards
  • Different Protocols in use
  • Many URL’s are represented in different service areas
  • IP’s are always complete subnets and it’s unclear which IP’s are really an endpoint at that moment.

My solution

Because of the above mentioned issues I created the new PowerShell function Invoke-AnalyzeAzureConnectivity. This function is solving the above issues and allows to do all necessary connectivity checks in a few minutes.

  • Some url’s contain wildcards

    I searched for each URL with a wildcard for a static host. With that we can do the needed checks.

  • Different Protocols in use

    In other methods I already use the HttpConnectivityTester Module which also respects proxy server and is doing a lot of checks. I created an additional PowerShell module to test other protocols by using Test-NetConnection and providing the same deep insights into connectivity issues.

  • Many url’s are represented in different service areas

    The function is checking each host only once to reduce the execution time.

  • IP’s are always complete subnets and it’s unclear which IP’s are really an endpoint at that moment.

    For this problem I have not yet a solution.

You can easily install the Module and execute the connectivity test with the following lines of code:

Install-Module ModernWorkplaceClientCenter -Force
$r = Invoke-AnalyzeAzureConnectivity -UrlSet Common -OnlyRequired
$r | Out-GridView

In the Out-GridView you can see if any endpoint has an issue including tips on how to solve the issue.

I hope this new function will help you. If you have feedback, just send me a message or fill out a feature request.

Thomas Kurth
Follow me

Thomas Kurth

Principal Workplace Consultant at baseVISION AG
I’m a consultant, trainer and architect for workplace management and enterprise mobility projects with Microsoft Technologies in the past eight years. I love to push and design the modern workplace based on Windows 10, EM&S and O365 for my customers which is the only answer for the current security threats, agile world and the fast-changing business requirements of my customers. Important for me is to simplify and automate the operational processes, because there are the highest costs.

MCSEMCTCMCE
Thomas Kurth
Follow me