
.VERSION 1.1.5
.GUID e5d18bf9-f775-4a7a-adff-f3da4de7f72f
.AUTHOR timmcmic

 This script tests to see if an IP address is contained within the Office 365 URL and IP address ranges.
    [Parameter(Mandatory = $false)]
    [Parameter(Mandatory = $true)]
    [Parameter(Mandatory = $true)]

Function new-LogFile

        [Parameter(Mandatory = $true)]
        [Parameter(Mandatory = $true)]


    # Get our log file path

    $logFolderPath = $logFolderPath+"\"+$logFileName+"\"
    #Since $logFile is defined in the calling function - this sets the log file name for the entire script
    $global:LogFile = Join-path $logFolderPath $fileName

    #Test the path to see if this exists if not create.

    [boolean]$pathExists = Test-Path -Path $logFolderPath

    if ($pathExists -eq $false)
            #Path did not exist - Creating

            New-Item -Path $logFolderPath -Type Directory
            throw $_
Function Out-LogFile

        [Parameter(Mandatory = $true)]
        [Parameter(Mandatory = $false)]

    # Get the current date

    [string]$date = Get-Date -Format G

    # Build output string
    #In this case since I abuse the function to write data to screen and record it in log file
    #If the input is not a string type do not time it just throw it to the log.

    if ($string.gettype().name -eq "String")
        [string]$logstring = ( "[" + $date + "] - " + $string)
        $logString = $String

    # Write everything to our log file and the screen

    $logstring | Out-File -FilePath $global:LogFile -Append

    #Write to the screen the information passed to the log.

    if ($string.gettype().name -eq "String")
        Write-Host $logString
        write-host $logString | select-object -expandProperty *

    #If the output to the log is terminating exception - throw the same string.

    if ($isError -eq $TRUE)
        #Ok - so here's the deal.
        #By default error action is continue. IN all my function calls I use STOP for the most part.
        #In this case if we hit this error code - one of two things happen.
        #If the call is from another function that is not in a do while - the error is logged and we continue with exiting.
        #If the call is from a function in a do while - write-error rethrows the exception. The exception is caught by the caller where a retry occurs.
        #This is how we end up logging an error then looping back around.

        write-error $logString

        #Now if we're not in a do while we end up here -> go ahead and create the status file this was not a retryable operation and is a hard failure.


function get-ClientGuid
    $functionClientGuid = $NULL

    out-logfile -string "Entering new-ClientGuid"

        out-logfile -string "Obtain client GUID."
        $functionClientGuid = new-GUID -errorAction STOP
        out-logfile -string "Client GUID obtained successfully."
    catch {
        out-logfile -string $_
        out-logfile -string "Unable to obtain client GUID." -isError:$true

    out-logfile -string "Exiting new-ClientGuid"

    return $functionClientGuid

function get-Office365IPInformation
        [Parameter(Mandatory = $true)]

    $functionVersionInfo = $NULL

    out-logfile -string "Entering get-Office365IPInformation"

        out-logfile -string 'Invoking web request for information...'
        $functionVersionInfo = Invoke-WebRequest -Uri $baseURL -errorAction:STOP
        out-logfile -string 'Invoking web request complete...'
    catch {
        out-logfile -string $_
        out-logfile -string "Unable to invoke web request for Office 365 URL and IP information." -isError:$TRUE

    out-logfile -string "Exiting get-Office365IPInformation"

    return $functionVersionInfo

function get-webURL
        [Parameter(Mandatory = $true)]
        [Parameter(Mandatory = $true)]

    $functionURL = $NULL

    out-logfile -string "Entering get-webURL"

    $functionURL = $baseURL+$clientGuid

    out-logfile -string "Exiting get-webURL"

    return $functionURL

function get-jsonData
        [Parameter(Mandatory = $true)]

    $functionData = $NULL

    out-logfile -string "Entering get-jsonData"

    try {
        $functionData = convertFrom-Json $data -errorAction Stop
    catch {
        out-logfile -string $_
        out-logfile -string "Unable to convert json data." -isError:$true

    out-logfile -string "Exiting get-jsonData"

    return $functionData

function test-IPSpace
        [Parameter(Mandatory = $true)]
        [Parameter(Mandatory = $true)]
        [Parameter(Mandatory = $true)]

    $functionNetwork = $NULL

    out-logfile -string "Entering test-IPSpace"

    foreach ($entry in $dataToTest)
        Out-logfile -string ("Testing entry id: "+$

        if ($entry.ips.count -gt 0)
            out-logfile -string "IP count > 0"

            foreach ($ipEntry in $entry.ips)
                out-logfile -string ("Testing entry IP: "+$ipEntry)

                 $functionNetwork = [System.Net.IpNetwork]::Parse($ipEntry)

                 out-logfile -string ("BaseAddress: "+$functionNetwork.baseAddress+ " PrefixLength: "+$functionNetwork.PrefixLength)

                 if ($functionNetwork.Contains($IPAddress))
                    out-logfile -string "The IP to test is contained within the entry. Log the service."

                    $outputObject = new-Object psObject -property @{
                        M365Instance = $regionString
                        ID = $entry.ID
                        ServiceAreaDisplayName = $entry.ServiceAreaDisplayName
                        URLs = $entry.URLs
                        IPs = $entry.ips
                        IPInSubnet = $ipEntry
                        TCPPorts = $entry.tcpports
                        ExpressRoute = $entry.expressRoute
                        Required = $entry.required

                    out-logfile -string $outputObject

                    $global:outputArray += $outputObject
                    out-logfile -string "The IP to test is not contained within the entry - move on."
            out-logfile -string "IP count = 0 -> skipping"

    out-logfile -string "Exiting test-IPSpace"

function test-IPChangeSpace
        [Parameter(Mandatory = $true)]
        [Parameter(Mandatory = $true)]
        [Parameter(Mandatory = $true)]
        [Parameter(Mandatory = $true)]

    $functionNetwork = $NULL
    $functionOriginalID = $null
    $functionServiceAreaDisplayName = $NULL

    out-logfile -string "Entering test-IPSpace"

    foreach ($entry in $changeDataToTest)
        Out-logfile -string ("Testing change entry id: "+$

        if ($entry.add.ips.count -gt 0)
            out-logfile -string "IP count > 0"

            foreach ($ipEntry in $entry.add.ips)
                out-logfile -string ("Testing entry IP: "+$ipEntry)

                 $functionNetwork = [System.Net.IpNetwork]::Parse($ipEntry)

                 out-logfile -string ("BaseAddress: "+$functionNetwork.baseAddress+ " PrefixLength: "+$functionNetwork.PrefixLength)

                 if ($functionNetwork.Contains($IPAddress))
                    out-logfile -string "The IP to test is contained within the entry. Log the service."

                    $functionOriginalID = $datatoTest | where {$ -eq $entry.EndpointSetID}

                    if ($functionOriginalID.ServiceAreaDisplayName -eq $NULL)
                        $functionServiceAreaDisplayName = "Endpoint Set ID No Longer Active"
                        $functionServiceAreaDisplayName = $functionOriginalID.ServiceAreaDisplayName

                    $outputObject = new-Object psObject -property @{
                        M365Instance = $regionString
                        ChangeID = $entry.ID
                        Disposition = $entry.Disposition
                        EndpointSetID = $entry.endpointSetId
                        Version = $entry.Version
                        ServiceAreaDisplayName = $functionServiceAreaDisplayName
                        IPsAdded = $entry.add.ips
                        IPInSubnet = $ipEntry

                    out-logfile -string $outputObject

                    $global:outputChangeArray += $outputObject
                    out-logfile -string "The IP to test is not contained within the entry - move on."
            out-logfile -string "IP count = 0 -> skipping"

    out-logfile -string "Exiting test-IPSpace"

function test-IPRemoveSpace
        [Parameter(Mandatory = $true)]
        [Parameter(Mandatory = $true)]
        [Parameter(Mandatory = $true)]
        [Parameter(Mandatory = $true)]

    $functionNetwork = $NULL
    $functionOriginalID = $null
    $functionServiceAreaDisplayName = $NULL

    out-logfile -string "Entering test-IPSpace"

    foreach ($entry in $changeDataToTest)
        Out-logfile -string ("Testing change entry id: "+$

        if ($entry.remove.ips.count -gt 0)
            out-logfile -string "IP count > 0"

            foreach ($ipEntry in $entry.remove.ips)
                out-logfile -string ("Testing entry IP: "+$ipEntry)

                 $functionNetwork = [System.Net.IpNetwork]::Parse($ipEntry)

                 out-logfile -string ("BaseAddress: "+$functionNetwork.baseAddress+ " PrefixLength: "+$functionNetwork.PrefixLength)

                 if ($functionNetwork.Contains($IPAddress))
                    out-logfile -string "The IP to test is contained within the entry. Log the service."

                    $functionOriginalID = $datatoTest | where {$ -eq $entry.EndpointSetID}

                    if ($functionOriginalID.ServiceAreaDisplayName -eq $null)
                        $functionServiceAreaDisplayName = "Endpoint Set ID No Longer Active"
                        $functionServiceAreaDisplayName = $functionOriginalID.ServiceAreaDisplayName

                    $outputObject = new-Object psObject -property @{
                        M365Instance = $regionString
                        ChangeID = $entry.ID
                        Disposition = $entry.Disposition
                        EndpointSetID = $entry.endpointSetId
                        Version = $entry.Version
                        ServiceAreaDisplayName = $functionServiceAreaDisplayName
                        IPsRemove = $entry.remove.ips
                        IPInSubnet = $ipEntry

                    out-logfile -string $outputObject

                    $global:outputRemoveArray += $outputObject
                    out-logfile -string "The IP to test is not contained within the entry - move on."
            out-logfile -string "IP count = 0 -> skipping"

    out-logfile -string "Exiting test-IPSpace"

function get-IPLocationInformation
        [Parameter(Mandatory = $true)]

    $functionData = ""
    $ipLocationProvider = ""
    $ipLocationQuery = $ipLocationProvider+$ipAddress

    out-logfile -string "Entering get-IPLocationInformation"

    try {
        $functionData = invoke-WebRequest $ipLocationQuery
    catch {
        out-logfile -string $_
        out-logfile -string "Unable to invoke web request for geolocation lookup."
        $functionData = "Failed"

    out-logfile -string "Exiting get-IPLocationInformation"

    return $functionData

Function Test-PowershellVersion

        $functionPowerShellVersion = $NULL

        out-logfile -string "Entering Test-PowerShellVersion"

        #Write function parameter information and variables to a log file.

        $functionPowerShellVersion = $PSVersionTable.PSVersion

        out-logfile -string "Determining powershell version."
        out-logfile -string ("Major: "+$functionPowerShellVersion.major)
        out-logfile -string ("Minor: "+$functionPowerShellVersion.minor)
        out-logfile -string ("Patch: "+$functionPowerShellVersion.patch)
        out-logfile -string $functionPowerShellVersion

        if ($functionPowerShellVersion.Major -lt 7)
            out-logfile -string "Powershell 7 and higher is required to run this script."
            out-logfile -string "Please run module from Powershell 7.x"
            out-logfile -string "" -isError:$true
            out-logfile -string "Powershell version is not powershell 5.X proceed."

        out-logfile -string "Exiting Test-PowerShellVersion"


#Begin main function body.

#Define function variables.

if ($IPAddressToTest.contains("."))
    $logFileName = $IPAddressToTest.replace(".","-")
    $logFileName = $IPAddressToTest.replace(":","-")

$clientGuid = $NULL
$allVersionInfoBaseURL = ""
$allVersionInfoURL = $NULL
$allVersionInfo = $NULL

$allIPInformationWorldWideBaseURL = ""
$allIPInformationChinaBaseURL = ""
$allIPInformationUSGovGCCHighBaseURL = ""
$allIPInformationUSGovDODBaseURL = ""

$allIPChangeInformationWorldWideBaseURL = ""
$allIPChangeInformationChinaBaseURL = ""
$allIPChangeInformationUSGovGCCHighBaseURL = ""
$allIPChangeInformationUSGovDODBaseURL = ""

$allIPInformationWorldWideURL = $NULL
$allIPInformationChinaURL = $NULL
$allIPInformationUSGovGCCHighURL = $NULL
$allIPInformationUSGovDODURL = $NULL

$allIPChangeInformationWorldWideURL = $NULL
$allIPChangeInformationChinaURL = $NULL
$allIPChangeInformationUSGovGCCHighURL = $NULL
$allIPChangeInformationUSGovDODURL = $NULL

$allIPInformationWorldWide = $NULL
$allIPInformationChina = $NULL
$allIPInfomrationUSGovGCCHigh = $NULL
$allIPInformationUSGovDOD = $NULL

$allIPChangeInformationWorldWide = $NULL
$allIPChangeInformationChina = $NULL
$allIPChangeInfomrationUSGovGCCHigh = $NULL
$allIPChangeInformationUSGovDOD = $NULL

$worldWideRegionString = "Microsoft 365 Worldwide (+GCC)"
$chinaRegionString = "Microsoft 365 operated by 21 Vianet"
$gccHighRegionString = "Microsoft 365 U.S. Government GCC High"
$dodRegionString = "Microsoft 365 U.S. Government DoD"

$ipLocation = ""

$global:outputArray = @()

#Create the log file.

new-logfile -logFileName $logFileName -logFolderPath $logFolderPath

$outputXMLFile = $global:LogFile.replace(".log",".xml")
$outputChangeXMLFile = $global:LogFile.replace(".log","Adds.xml")
$outputRemoveXMLFile = $global:LogFile.replace(".log","Removes.xml")

out-logfile -string $global:LogFile
out-logfile -string $outputXMLFile
out-logfile -string $outputChangeXMLFile

#Start logging

out-logfile -string "*********************************************************************************"
out-logfile -string "Start Office365IPAddress"
out-logfile -string "*********************************************************************************"


out-logfile -string "Obtaining client guid for web requests."

$clientGuid = get-ClientGuid
$clientGUid = $clientGuid.tostring()    

out-logfile -string $clientGuid

out-logfile -string "Obtain and log version information for the query."

$allVersionInfoURL = get-webURL -baseURL $allVersionInfoBaseURL -clientGuid $clientGuid

out-logfile -string $allVersionInfoURL

$allVersionInfo = get-Office365IPInformation -baseURL $allVersionInfoURL

$allVersionInfo = get-jsonData -data $allVersionInfo

foreach ($version in $allVersionInfo)
    out-logfile -string ("Instance: "+$version.instance+" VersionInfo: "+$version.latest)

out-logfile -string "Calculate URLS for Office 365 IP Addresses"

$allIPInformationWorldWideURL = get-webURL -baseURL $allIPInformationWorldWideBaseURL -clientGuid $clientGuid
out-logfile -string $allIPInformationWorldWideURL
$allIPInformationChinaURL = get-webURL -baseURL $allIPInformationChinaBaseURL -clientGuid $clientGuid
out-logfile -string $allIPInformationChinaURL
$allIPInformationUSGovGCCHighURL = get-webURL -baseURL $allIPInformationUSGovGCCHighBaseURL -clientGuid $clientGuid
out-logfile -string $allIPInformationUSGovGCCHighURL
$allIPInformationUSGovDODURL = get-webURL -baseURL $allIPInformationUSGovDODBaseURL -clientGuid $clientGuid
out-logfile -string $allIPInformationUSGovDODURL

out-logfile -string "Calculate URLS for Office 365 IP Addresses Change"

$allIPChangeInformationWorldWideURL = get-webURL -baseURL $allIPChangeInformationWorldWideBaseURL -clientGuid $clientGuid
out-logfile -string $allIPChangeInformationWorldWideURL
$allIPChangeInformationChinaURL = get-webURL -baseURL $allIPChangeInformationChinaBaseURL -clientGuid $clientGuid
out-logfile -string $allIPChangeInformationChinaURL
$allIPChangeInformationUSGovGCCHighURL = get-webURL -baseURL $allIPChangeInformationUSGovGCCHighBaseURL -clientGuid $clientGuid
out-logfile -string $allIPChangeInformationUSGovGCCHighURL
$allIPChangeInformationUSGovDODURL = get-webURL -baseURL $allIPChangeInformationUSGovDODBaseURL -clientGuid $clientGuid
out-logfile -string $allIPChangeInformationUSGovDODURL

out-logfile -string "Obtain IP information for all available Office 365 instances."

$allIPInformationWorldWide = get-Office365IPInformation -baseURL $allIPInformationWorldWideURL
$allIPInformationChina = get-Office365IPInformation -baseURL $allIPInformationChinaURL
$allIPInfomrationUSGovGCCHigh = get-Office365IPInformation -baseURL $allIPInformationUSGovGCCHighURL
$allIPInformationUSGovDOD = get-Office365IPInformation -baseURL $allIPInformationUSGovDODURL

out-logfile -string "Obtain IP information for all available Office 365 instances changes."

$allIPChangeInformationWorldWide = get-Office365IPInformation -baseURL $allIPChangeInformationWorldWideURL
$allIPChangeInformationChina = get-Office365IPInformation -baseURL $allIPChangeInformationChinaURL
$allIPChangeInfomrationUSGovGCCHigh = get-Office365IPInformation -baseURL $allIPChangeInformationUSGovGCCHighURL
$allIPChangeInformationUSGovDOD = get-Office365IPInformation -baseURL $allIPChangeInformationUSGovDODURL

out-logfile -string "Convert IP information from JSON."

$allIPInformationWorldWide = get-jsonData -data $allIPInformationWorldWide
$allIPInformationChina = get-jsonData -data $allIPInformationChina
$allIPInfomrationUSGovGCCHigh = get-jsonData -data $allIPInfomrationUSGovGCCHigh
$allIPInformationUSGovDOD = get-jsonData -data $allIPInformationUSGovDOD

out-logfile -string "Convert IP information from JSON changes."

$allIPChangeInformationWorldWide = get-jsonData -data $allIPChangeInformationWorldWide
$allIPChangeInformationChina = get-jsonData -data $allIPChangeInformationChina
$allIPChangeInfomrationUSGovGCCHigh = get-jsonData -data $allIPChangeInfomrationUSGovGCCHigh
$allIPChangeInformationUSGovDOD = get-jsonData -data $allIPChangeInformationUSGovDOD

out-logfile -string "Begin testing IP spaces for presence of the specified IP address."

test-IPSpace -dataToTest $allIPInformationWorldWide -IPAddress $IPAddressToTest -regionString $worldWideRegionString
test-IPSpace -dataToTest $allIPInformationChina -IPAddress $IPAddressToTest -regionString $chinaRegionString
test-IPSpace -dataToTest $allIPInfomrationUSGovGCCHigh -IPAddress $IPAddressToTest -regionString $gccHighRegionString
test-IPSpace -dataToTest $allIPInformationUSGovDOD -IPAddress $IPAddressToTest -regionString $dodRegionString

if ($global:outputArray.count -gt 0)
    out-logfile -string "IPs found in Active Service - test for changes."

    test-IPChangeSpace -dataToTest $allIPInformationWorldWide -IPAddress $IPAddressToTest -regionString $worldWideRegionString -changeDataToTest $allIPChangeInformationWorldWide
    test-IPChangeSpace -dataToTest $allIPInformationChina -IPAddress $IPAddressToTest -regionString $chinaRegionString -changeDataToTest $allIPChangeInformationChina
    test-IPChangeSpace -dataToTest $allIPInfomrationUSGovGCCHigh -IPAddress $IPAddressToTest -regionString $gccHighRegionString -changeDataToTest $allIPChangeInfomrationUSGovGCCHigh
    test-IPChangeSpace -dataToTest $allIPInformationUSGovDOD -IPAddress $IPAddressToTest -regionString $dodRegionString -changeDataToTest $allIPChangeInformationUSGovDOD
    out-logfile -string "No IP addresses found -> no need to test for additions."

if ($global:outputArray.count -eq 0)
    out-logfile -string "Since the global output count is equal to 0 -> testing to see if the IP address was removed."

    test-IPRemoveSpace -dataToTest $allIPInformationWorldWide -IPAddress $IPAddressToTest -regionString $worldWideRegionString -changeDataToTest $allIPChangeInformationWorldWide
    test-IPRemoveSpace -dataToTest $allIPInformationChina -IPAddress $IPAddressToTest -regionString $chinaRegionString -changeDataToTest $allIPChangeInformationChina
    test-IPRemoveSpace -dataToTest $allIPInfomrationUSGovGCCHigh -IPAddress $IPAddressToTest -regionString $gccHighRegionString -changeDataToTest $allIPChangeInfomrationUSGovGCCHigh
    test-IPRemoveSpace -dataToTest $allIPInformationUSGovDOD -IPAddress $IPAddressToTest -regionString $dodRegionString -changeDataToTest $allIPChangeInformationUSGovDOD
    out-logfile -string "The IP address was found - no need to test for removals."

if ($global:outputArray.count -gt 0)
    if ($allowQueryIPLocationInformationFromThirdParty -eq $TRUE)
        $ipLocation = get-IPLocationInformation -ipAddress $ipAddressToTest

        out-logfile -string $ipLocation

        if ($ipLocation -ne "Failed")
            out-logfile -string "Converting IP location JSON."
            $ipLocation = get-jsonData -data $ipLocation

    out-logfile -string "*"
    out-logfile -string "**"
    out-logfile -string "******************************************************"
    out-logfile -string ("The IP Address: "+$IPAddressToTest+ " was located in any Office 365 Services.")

    if ($ipLocation -ne "Failed")
        out-logfile -string ("The IP Address geo-location is: "+$

    write-host "IP entries present in the following Office 365 Services:"

    foreach ($entry in $global:outputArray)

    if ($global:outputChangeArray)
        write-host "IP entries present in the changes file:"

        foreach ($entry in $global:outputChangeArray)

    out-logfile -string "A XML file containing the above entries is available in the log directory."
    out-logfile -string "******************************************************"
    out-logfile -string "**"
    out-logfile -string "*"

    if ($global:outputArray.count -gt 0)
        out-logfile -string ""
        out-logfile -string "IPs was located in the following service description:"
        out-logfile -string ""

        foreach ($entry in $global:outputArray)
            out-logfile -string $entry
        $global:outputArray | Export-Clixml -Path $outputXMLFile

    if ($global:outputChangeArray.count -gt 0)
        out-logfile -string ""
        out-logfile -string "IP was located in the following version additions since 2018:"
        out-logfile -string ""

        foreach ($entry in $global:outputChangeArray)
            out-logfile -string $entry

        $global:outputChangeArray | Export-Clixml -Path $outputChangeXMLFile
    out-logfile -string "******************************************************"
    out-logfile -string ("The IP Address: "+$IPAddressToTest+ " was NOT located in the following Office 365 Services.")
    out-logfile -string "******************************************************"

    if ($global:outputRemoveArray.count -gt 0)
        write-host "The following changes removed the IP address:"

        foreach ($entry in $global:outputRemoveArray)

        foreach ($entry in $global:outputRemoveArray)
            out-logfile -string $entry

        $global:outputRemoveArray | Export-Clixml -Path $outputRemoveXMLFile
