Powershell get Exchange Online IP addresses (for Firewall rules)

This one-liner will download the Office 365 IP list XML file and extract the IPv4 addresses for EOP and Exchange Online.

([xml](invoke-webrequest -uri https://go.microsoft.com/fwlink/?LinkId=533185) | select-xml -XPath './/product[@name = "EOP" or @name = "EXO"]//addresslist[@type = "IPv4"]//address').node."#text"

We are using an XPATH filter to examine the XML document for the appropriate data. Like regular expressions for almost all text, understanding XPath can be very helpful for anything that uses XML underneath the covers, like event logs.

The basic file structure of the XML document looks like this

<?xml version="1.0" encoding="utf-8"?>
    <products updated="6/6/2017">
        <product name="o365">
            <addresslist type="IPv6">
                <address>2603:1020:200::682f:a1d8/128</address>
                    ...             
            </addresslist>
            <addresslist type="IPv4">
                <address>13.64.196.27/32</address>              
                    ...
            </addresslist>
            <addresslist type="URL">
                <address>*.aadrm.com</address>              
                    ...
            </addresslist>
        </product>
        <product name="EOP">
            ...
        </product>
    </products>

The Xpath Command .//product[@name = "EOP" or @name = "EXO"]//addresslist[@type = "IPv4"]//address is saying Search from the root for a product with name attribute of EOP or EXO and find addresslist under it with type of IPv4 This gives us all the IPv4 addresses within the products EOP and EXO in CIDR format.