If you have a proxy server in your environment and are using (or thinking about using) Office 365 then you will hit some pain barriers. As awesome as Office 365 is, she just isn’t a fan of proxies.
We used to be left to our own initiative, creating complex proxy bypass rules and guessing which URLs we had to exclude. This process is compounded if you also maintain a strict CIDR range on your Firewall for Office 365 endpoints.
This script will access updated information to create a PAC file to prioritize Microsoft 365 Urls for better access to the service. This script will allow you to create different types of files depending on how traffic needs to be prioritized.Microsoft Gallery Comment
Head over to the Gallery to view the script https://www.powershellgallery.com/packages/Get-PacFile/1.0.4
Go ahead and install it by using the command:-
Install-Script -Name Get-PacFile
You will be prompted to also install the “NuGet Provider”. Go ahead.
Below is a list of parameters you can pass to the script to customize the generated PAC.
Type – The type of the proxy PAC file that you want to generate.
- 1 – Send Optimize endpoint traffic direct and everything else to the proxy server.
- 2 – Send Optimize and Allow endpoint traffic direct and everything else to the proxy server. This type can also be used to send all supported ExpressRoute for Office 365 traffic to ExpressRoute network segments and everything else to the proxy server.
ClientRequestID – This is required and is a GUID passed to the web service that represents the client machine making the call.
Instance – The Office 365 service instance which defaults to Worldwide. Also passed to the web service.
Tenant Name – Your Office 365 tenant name. Passed to the web service and used as a replaceable parameter in some Office 365 URLs.
DefaultProxySettings – Your Proxy Server and Port preceded with the word “PROXY”
DirectProxySettings – The direct proxy settings for priority traffic.
ServiceAreas – What Services do you want defined in the PAC
- Exchange – Exchange Online and Exchange Online Protection
- SharePoint – SharePoint Online and OneDrive for Business
- Skype – Skype for Business and Microsoft Teams
- Common – Office 365 Pro Plus, Office Online, Azure AD and other common network endpoints
LowerCase – Flag this to include lowercase transformation into the PAC file for the host name matching.
.EXAMPLEExamples given in the script
.\Get-PacFile.ps1 -ClientRequestId b10c5ed1-bad1-445f-b386-b919946339a7 -DefaultProxySettings “PROXY 18.104.22.168:70” > type1.pac
.\Get-PacFile.ps1 -ClientRequestId b10c5ed1-bad1-445f-b386-b919946339a7 -Instance China -Type 2 -DefaultProxySettings “PROXY 22.214.171.124:70” > type2.pac
.\Get-PacFile.ps1 -ClientRequestId b10c5ed1-bad1-445f-b386-b919946339a7 -Instance WorldWide -Lowercase -TenantName tenantName -ServiceAreas Sharepoint,Skype
Don’t forget to export the PAC to a file using >file.txt
Get-PacFile.ps1 -type 2 -ClientRequestId b10c5ed1-bad1-445f-b386-b919946339a7 -Instance Worldwide -DefaultProxySettings "PROXY 10.11.12.13:8080" -LowerCase -TenantName byteben -ServiceAreas Sharepoint,Skype,Exchange,Common > D:\pac.pac