Test network connectivity to endpoints used by Windows 365 Cloud PCs
# Test-Windows365Endpoints
# Tests network connectivity to Windows 365 Services (including AVD and Intune).
#
# The script can be used from two vantage points:
#   1. From the Cloud PC, or a VM connected to an Azure VNet where CPCs will be provisioned
#   2. From the Client PC, or a device connected to the network where the client device is used
#
# It can be run directly from this gist with the command below:
#   powershell -ex bypass "iex (irm https://aka.ms/testw365vnet)"
# NOTE(review): that one-liner executes whatever the short link returns at the
# moment it is run, with the execution policy bypassed for that process. To run
# a copy that has been read first, save the script to a file, review it, and
# run the saved file.
$ScriptName, $ScriptVer = 'Test-Windows365Endpoints', 'v0.06'
# Windows 365 service endpoints, used for the Cloud PC side of the test.
# Entry format: 'host' or 'host:port[,port...]'. Test-HostPortList tests
# entries without a port on 443 and reports wildcard entries as "Cannot test".
# Captured on 2024-Dec-16 from the page below - check for newer lists and update as necessary:
# https://learn.microsoft.com/en-us/windows-365/enterprise/requirements-network?tabs=enterprise%2Cent#windows-365-service
$endpoints_w365 = @(
    '*.infra.windows365.microsoft.com'
    '*.cmdagent.trafficmanager.net'
    'login.microsoftonline.com'
    'login.live.com'
    'enterpriseregistration.windows.net'
    'global.azure-devices-provisioning.net:443,5671'
    'hm-iot-in-prod-prap01.azure-devices.net:443,5671'
    'hm-iot-in-prod-prau01.azure-devices.net:443,5671'
    'hm-iot-in-prod-preu01.azure-devices.net:443,5671'
    'hm-iot-in-prod-prna01.azure-devices.net:443,5671'
    'hm-iot-in-prod-prna02.azure-devices.net:443,5671'
    'hm-iot-in-2-prod-preu01.azure-devices.net:443,5671'
    'hm-iot-in-2-prod-prna01.azure-devices.net:443,5671'
    'hm-iot-in-3-prod-preu01.azure-devices.net:443,5671'
    'hm-iot-in-3-prod-prna01.azure-devices.net:443,5671'
    'hm-iot-in-4-prod-prna01.azure-devices.net:443,5671'
)
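# Endpoints that the end-user (client) device must reach, used for the client
# side of the test. Same entry format as the other lists: 'host' or
# 'host:port[,port...]'.
# Captured on 2024-Dec-16 from the two pages linked inside the list - check for
# newer lists and update as necessary.
$clientendpoints_w365 = @(
    # https://learn.microsoft.com/en-us/azure/virtual-desktop/required-fqdn-endpoint?tabs=azure#end-user-devices
    'login.microsoftonline.com',
    '*.wvd.microsoft.com',
    '*.servicebus.windows.net',
    'go.microsoft.com',
    'aka.ms',
    'learn.microsoft.com',
    'privacy.microsoft.com',
    '*.cdn.office.net',
    'graph.microsoft.com',
    'windows.cloud.microsoft',
    'windows365.microsoft.com',
    'ecs.office.com',
    # https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-ca-details?tabs=root-and-subordinate-cas-list#certificate-downloads-and-revocation-lists
    # NOTE(review): none of the entries below name a port, so each is tested on
    # 443 only. Certificate, CRL and OCSP retrieval is commonly plain HTTP on
    # port 80 (the AVD list in this script tests 'oneocsp.microsoft.com:80'
    # and 'www.microsoft.com:80') - confirm against the source page whether
    # ':80' should be added here.
    'cacerts.digicert.com',
    'cacerts.digicert.cn',
    'cacerts.geotrust.com',
    # 'www.microsoft.com' was listed twice in the original list, which only
    # repeated the same test; it is kept once here.
    'www.microsoft.com',
    'crl3.digicert.com',
    'crl4.digicert.com',
    'crl.digicert.cn',
    'cdp.geotrust.com',
    'ocsp.digicert.com',
    'ocsp.digicert.cn',
    'oneocsp.microsoft.com',
    'status.geotrust.com'
)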
# Azure Virtual Desktop session-host endpoints, used for the Cloud PC side of
# the test. Every entry names its port explicitly ('host:port').
# Captured on 2023-Oct-24 from the page below - check for newer lists and update as necessary:
# https://learn.microsoft.com/en-us/azure/virtual-desktop/safe-url-list?tabs=azure#session-host-virtual-machines
$endpoints_avd = @(
    'login.microsoftonline.com:443'
    '*.wvd.microsoft.com:443'
    'catalogartifact.azureedge.net:443'
    '*.prod.warm.ingest.monitor.core.windows.net:443'
    'gcs.prod.monitoring.core.windows.net:443'
    'azkms.core.windows.net:1688'
    'mrsglobalsteus2prod.blob.core.windows.net:443'
    'wvdportalstorageblob.blob.core.windows.net:443'
    # The next two are Azure platform addresses (instance metadata and host
    # services); a FAIL for them is expected when the script is not running
    # inside an Azure VM.
    '169.254.169.254:80'
    '168.63.129.16:80'
    'oneocsp.microsoft.com:80'
    'www.microsoft.com:80'
)
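function Test-HostPortList {
    <#
    .SYNOPSIS
    Tests TCP reachability of one host on each port of a comma-separated list.

    .DESCRIPTION
    Prints "Testing <host> ...(<port>) OK" or "FAIL" for every port using
    Write-Host; nothing is written to the pipeline.

    Names that start with '*' are wildcards and cannot be connected to, so they
    are reported as "Cannot test" and skipped. A run without any FAIL therefore
    says nothing about the wildcard entries.

    "OK" means Test-NetConnection completed a TCP connection to that port. It
    does not show that TLS negotiates, that the answering peer is the intended
    service, or that an inspecting proxy or firewall will pass the real
    traffic.

    .PARAMETER Hostname
    Host name or IP address to test.

    .PARAMETER PortList
    Comma-separated TCP ports, e.g. '443,5671'. Port 443 is used when empty.
    #>
    param (
        [string]$Hostname,
        [string]$PortList = ''
    )

    # An empty name would otherwise reach Test-NetConnection and fail there.
    if ([string]::IsNullOrWhiteSpace($Hostname)) {
        Write-Host "Cannot test an empty hostname" -ForegroundColor DarkYellow
        return
    }
    $Hostname = $Hostname.Trim()

    # Manually override Hostname to test for certain hosts...
    # The bare name is replaced by its wildcard form, so the wildcard check
    # below reports it as "Cannot test" instead of attempting a connection.
    # (The original performed this same override twice; once is enough.)
    if ($Hostname -eq 'emdl.ws.microsoft.com') { $Hostname = "*.emdl.ws.microsoft.com"; }

    if ($Hostname.StartsWith('*')) {
        Write-Host "Cannot test $Hostname" -ForegroundColor DarkYellow
        return
    }

    Write-Host -NoNewline "Testing $Hostname"

    # Manually override port to test for certain hosts...
    if ($Hostname -eq 'time.windows.com') { $PortList = "80"; }

    # Tolerate spaces and stray commas ('443, 5671', '443,'), and
    # use 443 when port is NOT specified.
    $Ports = @($PortList.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' })
    if ($Ports.Count -eq 0) {
        $Ports = @('443')
    }

    foreach ($TestPort in $Ports) {
        Write-Host -NoNewline " ...($TestPort) "

        # Reject anything that is not a TCP port number before it reaches
        # Test-NetConnection, whose -Port parameter would raise a binding error.
        $PortNumber = 0
        $IsNumber = [int]::TryParse($TestPort, [ref]$PortNumber)
        if ((-not $IsNumber) -or ($PortNumber -lt 1) -or ($PortNumber -gt 65535)) {
            Write-Host -NoNewline "INVALID PORT" -ForegroundColor Red
            continue
        }

        # -InformationLevel Quiet makes Test-NetConnection return only $true/$false.
        if (Test-NetConnection $Hostname -Port $PortNumber -InformationLevel Quiet -WarningAction SilentlyContinue) {
            Write-Host -NoNewline "OK" -ForegroundColor Green
        }
        else {
            Write-Host -NoNewline "FAIL" -ForegroundColor Red
        }
    }
    Write-Host ''
}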
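###########################
# Interactive entry point: ask which side of the connection to test, then run
# Test-HostPortList over the matching endpoint lists.
Write-Host "$ScriptName $ScriptVer" -ForegroundColor Blue
Write-Host "Enter the type of Network Connectivity to test" -ForegroundColor Yellow
Write-Host " 1 - Test from the Host Network (from the Cloud PC)"
Write-Host " 2 - Test from the Client network (from the User Device)"
Write-Host " 3 - Test Both"
$DefaultMethod = 1

# Trim the answer so ' 2' is accepted; an empty answer selects the default.
$Answer = Read-Host "Default [$($DefaultMethod)]"
$TestMethod = "$Answer".Trim()
if ($TestMethod -eq '') { $TestMethod = "$DefaultMethod" }
Write-Host "Testing Method: $($TestMethod)"

# Without this message an unknown answer would skip both sections below and
# still end with "Done.", which reads like a clean result.
if (@('1', '2', '3') -notcontains $TestMethod) {
    Write-Host "Unrecognized selection '$TestMethod' (expected 1, 2 or 3); no endpoints will be tested." -ForegroundColor Red
}

if (($TestMethod -eq '3') -or ($TestMethod -eq '1')) {
    Write-Host "Testing Hosts"

    Write-Host "Loading Windows 365 host list" -ForegroundColor Cyan
    foreach ($entry in $endpoints_w365) {
        # 'host:ports' -> host, ports; entries without ':' leave the port list empty.
        $parts = $entry.Split(':')
        Test-HostPortList -Hostname $parts[0] -PortList $parts[1]
    }

    Write-Host "Loading AVD host list" -ForegroundColor Cyan
    foreach ($entry in $endpoints_avd) {
        $parts = $entry.Split(':')
        Test-HostPortList -Hostname $parts[0] -PortList $parts[1]
    }

    Write-Host "Loading Intune host list" -ForegroundColor Cyan
    # The Intune (MEM) list is downloaded at run time rather than kept in the script.
    $IntuneUri = "https://endpoints.office.com/endpoints/WorldWide?ServiceAreas=MEM&clientrequestid=" + ([GUID]::NewGuid()).Guid
    try {
        # The parentheses around Invoke-RestMethod are kept from the original:
        # they make the returned collection enumerate item by item before filtering.
        $IntuneUrls = @(
            (Invoke-RestMethod -Uri $IntuneUri -ErrorAction Stop) |
                Where-Object { $_.ServiceArea -eq "MEM" -and $_.urls } |
                Select-Object -Unique -ExpandProperty urls
        )
    }
    catch {
        # A failed download must not look like "no Intune endpoints to test".
        Write-Host "Could not download the Intune host list: $($_.Exception.Message)" -ForegroundColor Red
        $IntuneUrls = @()
    }
    foreach ($IntuneHost in $IntuneUrls) {
        # Only the urls are used; no port list is passed, so each is tested on 443.
        Test-HostPortList -Hostname $IntuneHost
    }
}

if (($TestMethod -eq '3') -or ($TestMethod -eq '2')) {
    Write-Host "Testing Clients"

    Write-Host "Loading Windows 365 host list for Clients" -ForegroundColor Cyan
    foreach ($entry in $clientendpoints_w365) {
        $parts = $entry.Split(':')
        Test-HostPortList -Hostname $parts[0] -PortList $parts[1]
    }
}

Write-Host "Done." -ForegroundColor Blue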
This is great, thank you!