Find Whitelisted Users, Domains, and IPs in Office 365

If you’ve ever asked anyone how to do virtually anything, the answer is usually “It depends.” Just as there is no wrong way to eat a Reese’s Peanut Butter Cup and more than one way to skin a cat, so it frequently is with technological tasks.  Throughout the years, we have had many different mechanisms to both block content and exempt content from being blocked, and Office 365 is no different.

Office 365 gives us a few different mechanisms to allow or block content based on sender address, domains, partial matches, or IP addresses:

  • Connection (IP) filter – Use the connection filter to block or allow connections based on specific IP addresses or ranges.
    • Connection filters can be used for both allow and block actions
    • A connection filter can have 1,273 entries.
    • Connection filters can only be used for address ranges from /24 (class C) to /32 (single IP address).  If you need to specify a larger range than a /24, you will need to use a transport rule to set the SCL to -1.
  • Content (spam) filter – The spam filter is the preferred way for configuring allow and block lists for senders and domains in Office 365.
  • Transport rule – The transport rule is the oldest mechanism Exchange has for routing or manipulating messages.  To configure a sender, domain, or IP address to bypass the spam filter, you would use an action of SetScl in New-TransportRule or Set-TransportRule.

When troubleshooting why messages might be getting through (when you’d expect them to be blocked), you may want to review your transport rules as well as connection and content filters.  It’s difficult to see all of the settings at once, which is why I put together this script.

  1. Go download the script.
  2. Open a PowerShell window.
  3. Connect to Office 365. If you’re already connected to Office 365, great! If not, you can specify a Credential via the -Credential parameter or wait to be prompted.
  4. Run .\Get-AllowAndBlockListings.ps1 from the location where you downloaded the script.
  5. You can then review the CSV output or open up the $report object and filter on it as you like.  The $report object contains the same data that the CSV output does.

The output of this script is a CSV containing the following columns:

  • PolicyType: ContentOrSpamFilter, ConnectionFilter, TransportRule
  • PolicyName: Name of the policy
  • PolicyGuid: Object guid of the policy or transport rule
  • ObjectType: User, Domain, IP, ContainsWords, PatternMatch
  • ObjectName: Value (user, domain, IP, word/pattern match content)
  • ActionType: Allow, Block
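
One way to work with a report in this shape when troubleshooting, as an added example that is not part of the script: it summarizes allow entries per mechanism and lists any object that is allowed in one policy and blocked in another. The sample rows are constructed, and the function names Get-AllowSummary and Get-AllowBlockConflict are hypothetical; only the column names come from the list above.

```powershell
# Constructed sample rows using the column names listed above. In practice,
# use the script's $report object or Import-Csv on its CSV output instead.
$report = @'
PolicyType,PolicyName,PolicyGuid,ObjectType,ObjectName,ActionType
ConnectionFilter,Default,00000000-0000-0000-0000-000000000001,IP,192.0.2.0/24,Allow
ContentOrSpamFilter,Default,00000000-0000-0000-0000-000000000002,Domain,example.com,Block
ContentOrSpamFilter,Partners,00000000-0000-0000-0000-000000000003,Domain,example.com,Allow
ContentOrSpamFilter,Default,00000000-0000-0000-0000-000000000002,User,alerts@example.net,Allow
TransportRule,Bypass spam filter,00000000-0000-0000-0000-000000000004,Domain,example.org,Allow
'@ | ConvertFrom-Csv

function Get-AllowSummary {
    # Hypothetical helper: count allow entries per mechanism and object type.
    param([Parameter(Mandatory)][object[]]$Report)
    $Report |
        Where-Object { $_.ActionType -eq 'Allow' } |
        Group-Object PolicyType, ObjectType |
        Select-Object Count, Name
}

function Get-AllowBlockConflict {
    # Hypothetical helper: return rows for any object that appears with both
    # an Allow and a Block action somewhere in the report.
    param([Parameter(Mandatory)][object[]]$Report)
    $Report |
        Group-Object ObjectType, ObjectName |
        Where-Object { @($_.Group.ActionType | Sort-Object -Unique).Count -gt 1 } |
        ForEach-Object { $_.Group | Sort-Object ActionType }
}

# Where are allow entries defined, and how many of each kind?
Get-AllowSummary -Report $report | Format-Table -AutoSize

# Whole domains that bypass filtering, with the policy that allows them.
$report |
    Where-Object { $_.ActionType -eq 'Allow' -and $_.ObjectType -eq 'Domain' } |
    Format-Table PolicyType, PolicyName, ObjectName -AutoSize

# Objects listed as both Allow and Block across policies.
Get-AllowBlockConflict -Report $report |
    Format-Table ObjectName, ActionType, PolicyType, PolicyName -AutoSize
```

With the constructed rows, the last table lists example.com twice, once as Allow under the Partners policy and once as Block under Default.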

To get the script, head over to the TechNet Gallery: https://gallery.technet.microsoft.com/Get-Exchange-Online-and-55209ff4