Thursday, October 11, 2018

Querying IP Addresses for EOP using PowerShell

There is always a desire to lock down the communication for Exchange hybrid servers. If you want to lock down a receive connector in your on-premises Exchange for communication with Exchange Online, there is a published list of IP addresses:
The only IP addresses on that web page that are relevant for a receive connector are those for Exchange Online on TCP port 25. These are the IP addresses for Exchange Online Protection (EOP).

To simplify automated configuration, Microsoft also makes these IP addresses available in XML format, downloadable directly from Microsoft. You can download this using PowerShell.

# Download the published address list and parse the response body as XML
[xml]$xml = (Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/?LinkId=533185" -UseBasicParsing).Content

Once you have downloaded the XML file, you can extract just the IP addresses for Exchange Online Protection.

$EopIP = (($xml.products.product | Where-Object name -eq "eop").addresslist | Where-Object type -eq "ipv4").address

Once you have that list of IP addresses, it's easy to configure a receive connector with that list of addresses.

# -Identity selects the existing connector to modify (-Name would rename it)
Set-ReceiveConnector -Identity O365 -RemoteIPRanges $EopIP
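
Because the downloaded list ends up defining who may connect on port 25, it is worth validating it before it reaches the connector. The following is an added example, not code from the original post: it runs the same query against a constructed sample XML (documentation ranges, not real EOP addresses) and drops malformed or overly broad entries. The Test-EopRange helper and the /16 width limit are assumptions chosen for illustration.

```powershell
# Constructed sample in the shape the post's query expects (not real EOP ranges).
[xml]$xml = @'
<products>
  <product name="EOP">
    <addresslist type="IPv6"><address>2001:db8::/32</address></addresslist>
    <addresslist type="IPv4">
      <address>192.0.2.0/24</address>
      <address>198.51.100.17</address>
      <address>0.0.0.0/0</address>
      <address>203.0.113.300/28</address>
    </addresslist>
  </product>
</products>
'@

function Test-EopRange {
    # Hypothetical helper: accepts one IPv4 address, or an IPv4 CIDR no wider than /$MinPrefix.
    param([string]$Range, [int]$MinPrefix = 16)
    $ip, $prefix = $Range.Trim() -split '/', 2
    $parsed = $null
    # TryParse alone accepts shorthand such as "1", so require dotted-quad form first.
    if ($ip -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { return $false }
    if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) { return $false }
    if ($null -eq $prefix) { return $true }            # single host address
    if ($prefix -notmatch '^\d{1,2}$') { return $false }
    return ([int]$prefix -ge $MinPrefix -and [int]$prefix -le 32)
}

# Same extraction as in the post, then split into accepted and rejected entries.
$candidates = @((($xml.products.product | Where-Object name -eq "eop").addresslist |
    Where-Object type -eq "ipv4").address)
$EopIP    = @($candidates | Where-Object { Test-EopRange $_ })
$rejected = @($candidates | Where-Object { -not (Test-EopRange $_) })

if ($rejected.Count -gt 0) { Write-Warning "Rejected entries: $($rejected -join ', ')" }
# An empty list must never be applied: stop instead of touching the connector.
if ($EopIP.Count -eq 0) { throw "No valid EOP IPv4 ranges found; connector left unchanged." }

# In the Exchange Management Shell, preview the change before applying it:
# Set-ReceiveConnector -Identity O365 -RemoteIPRanges $EopIP -WhatIf
$EopIP
```

With the sample data, 0.0.0.0/0 and 203.0.113.300/28 are rejected and only 192.0.2.0/24 and 198.51.100.17 remain in $EopIP.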