Office 365 Proxy PAC generator

Use this script to automatically create a Proxy PAC file to be used with WPAD or GPO delivery of a proxy automatic configuration script.  This script can be scheduled to save to a network share or other location. You can also use it as a basis for including in other proxy PACs.

3.8 Star
20,679 times
Add to favorites
E-mail Twitter Digg Facebook
  • Successor
    1 Posts | Last post November 26, 2019
    • I think Aaron will not Update the script because a successor is available via
      Install-Script -Name Get-PacFile -Scope AllUsers
      Further information here:
  • Proxy Bypass
    1 Posts | Last post October 08, 2019
    • Hi,
      What section of the PowerShell script do I add domains to bypass the proxy and go direct?
      Mark Baylis
  • Update for JSON output
    4 Posts | Last post March 27, 2019
    • Do you plan to update this tool to deal with the new O365 web services: ?
    • ..same wish here :)
    • +1
    • created a draft-script that is using the new json list from microsoft.
      It's available here
  • Not working at all
    3 Posts | Last post November 21, 2018
    • Downloaded latest version to refresh our pac script to hopefully include new domains mentioned in MC165128, ie:,,,
      Ran the script and all I got what this!
      function FindProxyForURL(url, host)
      if (
      dnsDomainIs(host, "")
      return "DIRECT";
      else { return "PROXY; DIRECT";}
    • I have the same issue.
    • this .ps1 is no longer working as source xml page from Microsoft
      has been discontinued.
      You should ask @Aaron if he plans to update it to the new way MS is publishing O365 URLs
      See previous post 'Update for JSON output' from unknownuser37428923
  • IE slowness when deployed pac script enabled
    1 Posts | Last post May 08, 2018
    • The latest version of this script generated a lot of isInNet(host, "ip address"...) commands which caused a big slowness in IE11 (no issue with Chrome).
      Please take note of this:  (in particular solution b.)
      Rewriting the generated script as discussed there solved my problem.
  • bypass not working for 0365
    3 Posts | Last post April 20, 2018
    • Hi 
      I have a WPAD delivered to users via DHCP. IN the WPAD file, i have bypassed all of the 0365 urls and IPs to go direct. Still i see many hits to in the proxy logs. I am suspecting that outloook somehow is not honouring the WPAD file and hence traffic is going via proxy. My proxy is explicit proxy. 
      below is the snippet of the wpad code. 
      dnsDomainIs(host, "")||
      return "DIRECT";
      do you have any idea why i still see traffic on proxy for this URL. 
    • If you're getting it delivered via WPAD, Outlook will typically honor it.  Explicit proxy would indicate that you are also configuring settings via IEAK or GPO.  Which are you doing?
    • When we build SOE, we select "Auto detect settings" in the IE options. There is no IEAK or GPO being used. 
      Do you know any application ( outllok pro plus, skype for business, onedrive for business client) not honouring the WPAD delivered via DHCP? I guess firefox do not understand it. 
  • non ascii charactors still remaining?
    3 Posts | Last post January 11, 2018
    • I still couldn't run this script. could you check below? thanks.
      ag "[\x80-\xFF]"  Office365ProxyPac.ps1
      189:[regex]$ProductsRegEx = '(?i)^(' + (($Products |foreach {[regex]::escape($_)}) �join "|") + ')$'
      192:	[regex]$BlocklistRegEx = '(?i)(' + (($Blocklist |foreach {[regex]::escape($_)}) �join "|") + ')'
    • I'm sorry to bother you. thanks a lot.
      189:[regex]$ProductsRegEx = '(?i)^(' + (($Products |foreach {[regex]::escape($_)}) -join "|") + ')$'
      192:	[regex]$BlocklistRegEx = '(?i)(' + (($Blocklist |foreach {[regex]::escape($_)}) -join "|") + ')'
    • I've updated the script.
  • Office 365 endpoints
    2 Posts | Last post January 10, 2018
    • Hi,
      Many thanks for your work on the script.
      There does not appear to be a 'product' for a list of FQDNs for separating Internet FQDNs from know Office 365 FQDN's as described here:
      under 2. proxies & #1 - PAC file: Separates required Internet ...
      Do you know if such a list is available in i.e. XML format?
    • You mean for like "Microsoft" vs "Non-Microsoft" endpoints?
  • non ascii charactors
    2 Posts | Last post January 10, 2018
    • I could't run your script and found no-ascii charactors.
      ag "[\x80-\xFF]"  Office365ProxyPac.ps1
      188:[regex]$ProductsRegEx = �(?i)^(� + (($Products |foreach {[regex]::escape($_)}) �join "|") + ')$'
      191:	[regex]$BlocklistRegEx = �(?i)(� + (($Blocklist |foreach {[regex]::escape($_)}) �join "|") + ')'
    • I have removed/replaced those characters.
  • can't download xml
    2 Posts | Last post October 31, 2017
    • Hi Aaron
      I'm getting this when running the script.
      Downloading latest Office 365 XML data...
      Exception calling "DownloadString" with "1" argument(s): "The remote server returned an error: (407) Proxy Authentication Required."
    • Nevermind, obviously our environment is somehow preventing access to download the latest xml via powershell session? I worked around this by downloading the XML file locally, and updating the script to reference the local path.
      Thank you.
1 - 10 of 20 Items