Office 365: firewall exception for Windows Remote Management service or Powershell Session via Proxy

As an email admin you definitely heard or worked with Office365 Exchange Online Shell.

There is a great article on Microsoft Technet on how to connect to Exchange Online Powershell.

The steps outlined in the MS article work in 9 cases out of 10. Today I want to talk about that rare 10th case.

Default Behavior

Usually in enterprise environment all of the web traffic is routed through proxy servers and direct access to public net is limited to few IP addresses.

In order to connect to Exchange Online Shell we need to create session using New-PSSession cmdlet:

New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $UserCredential -Authentication Basic -AllowRedirection

By default New-PSSession will try to connect directly to ConnectionUri.

In order to show you the default behavior we will get all IP addresses associated with outlook.office365.com using nslookup tool:

nslookup outlook.office365.com

Now we will try to connect to Exchange Online Shell and will check how we are connecting using netstat tool:

netstat -nat
netstat -nat

New-PSSession via Proxy

If machine from which you are trying to connect is allowed to go directly to internet like mine you are lucky to be one of 9 working cases.

But if not, you have two options – submit a firewall opening request to allow you to connect to Exchange Online directly which will make your Security Officer and Networking guys be not very happy about it.

Or adjust the new session creation and force it to go through the proxy as all other web traffic.

The easiest way to do this is to import proxy settings from IE as in enterprise environment all computers are joined to Active Directory and most likely proxy settings are distributed via group policy:

$proxySettings = New-PSSessionOption -ProxyAccessType IEConfig  -ProxyAuthentication basic
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection -SessionOption $proxySettings

I wrap it all up in module which is available for download from PSGallery.

Module name is ExchangeOnlineShell. To download it simple run this cmdlet from your Powerhell:

Install-Module -Name ExchangeOnlineShell

Thanks a lot for reading. If you have any questions please leave them in a comment section below.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.