Office 365 Proxy PAC generator

Use this script to automatically create a proxy PAC file for use with WPAD or GPO delivery of a proxy automatic configuration script. The script can be scheduled to save its output to a network share or other location. You can also use it as a basis for inclusion in other proxy PAC files.

 
 
 
 
 
Networking
9/8/2018


  • Proxy Bypass
    1 Posts | Last post October 08, 2019
    • Hi,
      
      What section of the PowerShell script do I add domains to bypass the proxy and go direct?
      
      Regards
      
      Mark Baylis
  • Update for JSON output
    4 Posts | Last post March 27, 2019
    • Do you plan to update this tool to deal with the new O365 web services: https://techcommunity.microsoft.com/t5/Office-365-Blog/Announcing-Office-365-endpoint-categories-and-Office-365-IP/ba-p/177638 ?
    • ..same wish here :)
    • +1
    • Created a draft script that is using the new JSON list from Microsoft.
      It's available here https://itmogool.com/?p=162
  • Not working at all
    3 Posts | Last post November 21, 2018
    • Downloaded latest version to refresh our pac script to hopefully include new domains mentioned in MC165128, ie: aadcdn.msauth.net, aadcdn.msftauth.net, ccscdn.msauth.net, ccscdn.msftauth.net
      
      Ran the script and all I got was this!
      function FindProxyForURL(url, host)
      {
      if (
      dnsDomainIs(host, "office365.com")
      )
      return "DIRECT";
      else { return "PROXY 192.168.1.8:8881; DIRECT";}
      }
      
    • I have the same issue.
    • This .ps1 is no longer working as the source XML page from Microsoft
      https://support.content.office.net/en-us/static/O365IPAddresses.xml
      has been discontinued.
      
      You should ask @Aaron if he plans to update it to the new way MS is publishing O365 URLs
      
      See previous post 'Update for JSON output' from unknownuser37428923
  • IE slowness when deployed pac script enabled
    1 Posts | Last post May 08, 2018
    • The latest version of this script generated a lot of isInNet(host, "ip address"...) commands which caused a big slowness in IE11 (no issue with Chrome).
      
      Please take note of this: https://blogs.msdn.microsoft.com/asiatech/2011/12/18/ie-hang-when-access-some-web-sites-with-proxy-pac/  (in particular solution b.)
      Rewriting the generated script as discussed there solved my problem.
  • Bypass not working for O365
    3 Posts | Last post April 20, 2018
    • Hi 
      
      I have a WPAD delivered to users via DHCP. In the WPAD file, I have bypassed all of the O365 URLs and IPs to go direct. Still I see many hits to outlook.office365.com in the proxy logs. I suspect that Outlook somehow is not honouring the WPAD file and hence traffic is going via the proxy. My proxy is an explicit proxy.
      
      Below is the snippet of the WPAD code.
      
      dnsDomainIs(host, "outlook.office365.com")||
      return "DIRECT";
      
      Do you have any idea why I still see traffic on the proxy for this URL?
      
    • If you're getting it delivered via WPAD, Outlook will typically honor it.  Explicit proxy would indicate that you are also configuring settings via IEAK or GPO.  Which are you doing?
    • When we build SOE, we select "Auto detect settings" in the IE options. There is no IEAK or GPO being used. 
      Do you know of any application (Outlook Pro Plus, Skype for Business, OneDrive for Business client) not honouring the WPAD delivered via DHCP? I guess Firefox does not understand it.
  • Non-ASCII characters still remaining?
    3 Posts | Last post January 11, 2018
    • I still couldn't run this script. Could you check below? Thanks.
      
      ag "[\x80-\xFF]"  Office365ProxyPac.ps1
      189:[regex]$ProductsRegEx = '(?i)^(' + (($Products |foreach {[regex]::escape($_)}) �join "|") + ')$'
      192:	[regex]$BlocklistRegEx = '(?i)(' + (($Blocklist |foreach {[regex]::escape($_)}) �join "|") + ')'
    • I'm sorry to bother you. thanks a lot.
      
      189:[regex]$ProductsRegEx = '(?i)^(' + (($Products |foreach {[regex]::escape($_)}) -join "|") + ')$'
      192:	[regex]$BlocklistRegEx = '(?i)(' + (($Blocklist |foreach {[regex]::escape($_)}) -join "|") + ')'
    • I've updated the script.
  • Office 365 endpoints
    2 Posts | Last post January 10, 2018
    • Hi,
      
      Many thanks for your work on the script.
      There does not appear to be a 'product' for a list of FQDNs for separating Internet FQDNs from known Office 365 FQDNs as described here:
      
      https://support.office.com/en-gb/article/Managing-Office-365-endpoints-99cab9d4-ef59-4207-9f2b-3728eb46bf9a?ui=en-US&rs=en-GB&ad=GB#ID0EABAAA=2._Proxies&ID0EADAAA=2._Proxies&ID0EAEAAA=2._Proxies
      
      under 2. proxies & #1 - PAC file: Separates required Internet ...
      
      Do you know if such a list is available in i.e. XML format?
      
      thanks
    • You mean for like "Microsoft" vs "Non-Microsoft" endpoints?
  • Non-ASCII characters
    2 Posts | Last post January 10, 2018
    • I couldn't run your script and found non-ASCII characters.
      
      ag "[\x80-\xFF]"  Office365ProxyPac.ps1
      7:THIS CODE AND ANY ASSOCIATED INFORMATION ARE PROVIDED �AS IS� WITHOUT WARRANTY
      107:�
      188:[regex]$ProductsRegEx = �(?i)^(� + (($Products |foreach {[regex]::escape($_)}) �join "|") + ')$'
      191:	[regex]$BlocklistRegEx = �(?i)(� + (($Blocklist |foreach {[regex]::escape($_)}) �join "|") + ')'
      209:�
      217:�
    • I have removed/replaced those characters.
  • can't download xml
    2 Posts | Last post October 31, 2017
    • Hi Aaron
      I'm getting this when running the script.
      
      Downloading latest Office 365 XML data...
      Exception calling "DownloadString" with "1" argument(s): "The remote server returned an error: (407) Proxy Authentication Required."
    • Nevermind, obviously our environment is somehow preventing access to download the latest xml via powershell session? I worked around this by downloading the XML file locally, and updating the script to reference the local path.
      
      Thank you.
  • Thanks and a few questions
    2 Posts | Last post September 20, 2017
    • Hi Aaron, 
      I could never be thankful enough. Managing o365 urls / proxy.pac and so on is a pain, and this script will be extremely useful to me. I just discovered it by searching something similar, "in case someone already did", and just before starting writing it myself :-)
      
      I have a few questions though :
      1. You mentioned in a previous Q/A you were planning to elaborate a similar script to generate a CSV for the IP addresses/subnets to import into a firewall... Is it still planned?
      
      2. I didn't really understand your previous answer about the duplicate lines dnsDomainIs/shExpMatch for wildcard URLs. From what I know, dnsDomainIs doesn't recognize wildcards: shExpMatch(host, "*.domain.com") is equal to dnsDomainIs(host, ".domain.com"), so I believe it's useless and impacts perfs ....
      
      Anyway many thanks, again !
      
    • Hi, I just noticed the IP only export has been added as a feature in between.
      
      For the duplicate wildcard lines, I just slightly changed the line 296 :
      
      If (!($url -match "\*")) { Add-Content $OutputFile "dnsDomainIs(host, ""$URL"")||" }
      
      so that URLs starting with * are not added twice.
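
The threads above on JSON output, the near-empty generated PAC and the duplicate wildcard lines all come down to how bypass rules are built from an endpoint list. This is an added example in JavaScript, not the gallery's PowerShell script or any poster's code: it emits one rule per entry, refuses to write a PAC when the source yields no URLs, and evaluates the result with stand-in helpers. The record fields `urls` and `category`, the sample hosts and the function names `buildPac` and `route` are assumptions.

```javascript
// Stand-ins for the browser's PAC helpers so the result can be checked offline;
// modelled on the classic Mozilla versions (assumption: your browsers behave alike).
const dnsDomainIs = (host, domain) =>            // plain suffix comparison
  host.length >= domain.length && host.slice(-domain.length) === domain;
function shExpMatch(str, glob) {                 // only * and ? are special
  const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// Constructed sample records; field names `urls` and `category` are assumptions.
const sampleEndpoints = [
  { category: "Optimize", urls: ["outlook.office365.com", "*.sharepoint.com"] },
  { category: "Allow", urls: ["*.office365.com", "outlook.office365.com"] },
  { category: "Default", urls: ["*.msauth.net"] },   // not bypassed: stays on proxy
];

function buildPac(endpoints, proxy, directCategories = ["Optimize", "Allow"]) {
  const hosts = new Set();                       // de-duplicates repeated entries
  for (const e of endpoints) {
    if (!directCategories.includes(e.category)) continue;
    for (const u of e.urls || []) hosts.add(u.toLowerCase());
  }
  // A missing or empty source must not silently replace a working PAC.
  if (hosts.size === 0) throw new Error("no endpoint URLs found; keep previous PAC");
  const tests = [...hosts].sort().map(u =>
    u.includes("*")
      ? `shExpMatch(host, ${JSON.stringify(u)})`     // wildcard: one rule only
      : `dnsDomainIs(host, ${JSON.stringify(u)})`);  // literal host name
  return "function FindProxyForURL(url, host) {\n" +
    "  host = host.toLowerCase();\n" +
    "  if (" + tests.join(" ||\n      ") + ")\n" +
    "    return \"DIRECT\";\n" +
    "  return " + JSON.stringify("PROXY " + proxy) + ";\n}\n";
}

// Load a generated PAC with the stand-in helpers and ask it about one host.
function route(pacText, host) {
  const find = new Function("dnsDomainIs", "shExpMatch",
    pacText + "\nreturn FindProxyForURL;")(dnsDomainIs, shExpMatch);
  return find("https://" + host + "/", host);
}
```

Running `route` over a list of hosts you expect on the proxy, before publishing a regenerated PAC, shows whether any bypass rule matches more than intended.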