Search

MC498471 – (Updated) IPv6 coming to Azure AD (archived)

cloudscout.one Icon

check before: 2023-03-30

Product:

Azure Active Directory, Entra, Entra ID, Microsoft 365 Apps

Platform:

World tenant, Online

Status:

Change type:

Admin impact, New feature, Updated message

Links:

Details:

Updated May 30, 2023: IPv6 support is rolling out globally across all Azure AD regions, which may have an impact on Azure Active Directory customers. Your users might experience blocks or receive more multi-factor authentication requests than usual. In such cases, we recommend reviewing your tenant’s sign-in logs.

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:

Created:
2023-01-18

updated:
2023-07-15

the free basic plan is required to see all details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.


changes*

DatePropertyoldnew
2023-07-15MC MessagesUpdated May 30, 2023: IPv6 support is rolling out globally across all Azure AD regions, which may have an impact on Azure Active Directory customers. Your users might experience blocks or receive more multi-factor authentication requests than usual. In such cases, we recommend reviewing your tenant’s sign-in logs.
This impact on your tenant could be due to end users connecting from IPv6 ranges that are not configured in your tenant’s Named locations. To address this, please follow the steps outlined on this page to identify IPv6 ranges in your tenant’s environment and configure the necessary settings.
Please share the following guidance with the relevant members of your IT administration team:

IT / Security Admin: Utilize the sign-in report described in the Identifying IPv6 traffic with Azure AD Sign-in activity reports. Use the resulting address list to determine if any IPv6 ranges need to be added to your Azure AD Security Named locations, following the steps provided. It’s also important to collaborate with your internal networking teams to verify IPv6 ranges for your organization, as required.
Network admin: Collaborate with your IT/Security admin to identify known IPv6 ranges in your network infrastructure. Add these ranges to your tenant’s existing Azure AD Named locations by following the steps provided.
We will continue to roll out IPv6 across all Azure AD regions until the end of June 2023.
Earlier, we had announced our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD) enabling our customers to reach the Azure AD services over IPv4, IPv6 or dual stack endpoints. This is just a reminder that we’ll begin introducing IPv6 support into Azure AD services in a phased approach, starting March 31st, 2023.

If your networks don’t support IPv6, you don’t need to take any action to change your configurations or policies. For most customers, IPv4 won't completely disappear from their digital landscape, so we aren't planning to require IPv6 or to de-prioritize IPv4 in any Azure AD features or services. We will continue to share additional guidance on IPv6 enablement in Azure AD at this easy to remember link https://aka.ms/azureadipv6.
With the growing adoption and support of IPv6 across enterprise networks, service providers, and devices, many customers are wondering if their users can continue to access their services and applications from IPv6 clients and IPv6 networks.

Today, we’re excited to announce our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD). This will allow customers to reach the Azure AD services over both IPv4 and IPv6 network protocols (dual stack).
For most customers, IPv4 won't completely disappear from their digital landscape, so we aren't planning to require IPv6 or to de-prioritize IPv4 in any Azure Active Directory features or services.
[When this will happen:]
We’ve been gradually rolling out IPv6 for some of our services for a while. Starting in late March 2023 we'll begin enabling IPv6 for Azure AD authentication. We will introduce IPv6 support into Azure AD authentication in a phased approach, beginning late March 2023.
Updated May 30, 2023: IPv6 support is rolling out globally across all Azure AD regions, which may have an impact on Azure Active Directory customers. Your users might experience blocks or receive more multi-factor authentication requests than usual. In such cases, we recommend reviewing your tenant’s sign-in logs.
2023-07-15MC How AffectWe will continue to share additional guidance on IPv6 enablement in Azure AD here: IPv6 Support in Azure Active Directory.
Learn more about Microsoft identity:
Get to know Microsoft Entra – a comprehensive identity and access product family
Return to the Microsoft Entra (Azure AD) blog home
Share product suggestions on the Entra (Azure AD) forum
2023-07-15MC prepareWe have guidance below which is specifically for Azure AD customers, who use IPv6 addresses and also use Named Locations in their Conditional Access policies.
If you have public IPv6 addresses representing your network, take the actions that are described in the following sections as soon as possible.
Customers who use named locations to identify specific network boundaries in their organization, need to:
Conduct an audit of existing named locations to anticipate potential impact;
Work with your network partner to identify egress IPv6 addresses in use in your environment.;
Review and update existing named locations to include the identified IPv6 ranges.
Customers who use Conditional Access location based policies, to restrict and secure access to their apps from specific networks, need to:
Conduct an audit of existing Conditional Access policies to identify use of named locations as a condition to anticipate potential impact;
Review and update existing Conditional Access location based policies to ensure they continue to meet your organization’s security requirements.
Failing to follow these steps might result in the following impact:
Users of IPv6 addresses may be blocked, depending on your organization's Conditional Access policies and Identity Protection configurations.
False positive detections due to 'Mark as trust location' not being checked for your internal networks and VPN’s can result in users being marked as risky.
We will continue to share additional guidance on IPv6 enablement in Azure AD here: IPv6 Support in Azure Active Directory.
Learn more about Microsoft identity:
Get to know Microsoft Entra – a comprehensive identity and access product family
Return to the Microsoft Entra (Azure AD) blog home
Share product suggestions on the Entra (Azure AD) forum
https://aka.ms/azureadipv6
https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition#identifying-ipv6-traffic-with-azure-ad-sign-in-activity-reports
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition#ip-address-ranges
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition#ipv4-and-ipv6-address-ranges
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/introducing-microsoft-entra-modern-identity-and-access-solutions/ba-p/2520440
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/ipv6-coming-to-azure-ad/ba-p/2967451
https://aka.ms/azureadipv6
https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition#identifying-ipv6-traffic-with-azure-ad-sign-in-activity-reports
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition#ip-address-ranges
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition#ipv4-and-ipv6-address-ranges
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/introducing-microsoft-entra-modern-identity-and-access-solutions/ba-p/2520440
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/ipv6-coming-to-azure-ad/ba-p/2967451
2023-05-31MC Last Updated03/21/2023 20:01:112023-05-31T00:07:39Z
2023-05-31MC MessagesUpdated March 21, 2023: Earlier, we had announced our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD) enabling our customers to reach the Azure AD services over IPv4, IPv6 or dual stack endpoints. This is just a reminder that we’ll begin introducing IPv6 support into Azure AD services in a phased approach, starting March 31st, 2023.
If your networks don’t support IPv6, you don’t need to take any action to change your configurations or policies. For most customers, IPv4 won't completely disappear from their digital landscape, so we aren't planning to require IPv6 or to de-prioritize IPv4 in any Azure AD features or services. We will continue to share additional guidance on IPv6 enablement in Azure AD at this easy to remember link https://aka.ms/azureadipv6.
With the growing adoption and support of IPv6 across enterprise networks, service providers, and devices, many customers are wondering if their users can continue to access their services and applications from IPv6 clients and IPv6 networks.

Today, we’re excited to announce our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD). This will allow customers to reach the Azure AD services over both IPv4 and IPv6 network protocols (dual stack).
For most customers, IPv4 won't completely disappear from their digital landscape, so we aren't planning to require IPv6 or to de-prioritize IPv4 in any Azure Active Directory features or services.
[When this will happen:]
We’ve been gradually rolling out IPv6 for some of our services for a while. Starting in late March 2023 we'll begin enabling IPv6 for Azure AD authentication. We will introduce IPv6 support into Azure AD authentication in a phased approach, beginning late March 2023.
Updated May 30, 2023: IPv6 support is rolling out globally across all Azure AD regions, which may have an impact on Azure Active Directory customers. Your users might experience blocks or receive more multi-factor authentication requests than usual. In such cases, we recommend reviewing your tenant’s sign-in logs.
This impact on your tenant could be due to end users connecting from IPv6 ranges that are not configured in your tenant’s Named locations. To address this, please follow the steps outlined on this page to identify IPv6 ranges in your tenant’s environment and configure the necessary settings.
Please share the following guidance with the relevant members of your IT administration team:

IT / Security Admin: Utilize the sign-in report described in the Identifying IPv6 traffic with Azure AD Sign-in activity reports. Use the resulting address list to determine if any IPv6 ranges need to be added to your Azure AD Security Named locations, following the steps provided. It’s also important to collaborate with your internal networking teams to verify IPv6 ranges for your organization, as required.
Network admin: Collaborate with your IT/Security admin to identify known IPv6 ranges in your network infrastructure. Add these ranges to your tenant’s existing Azure AD Named locations by following the steps provided.
We will continue to roll out IPv6 across all Azure AD regions until the end of June 2023.
Earlier, we had announced our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD) enabling our customers to reach the Azure AD services over IPv4, IPv6 or dual stack endpoints. This is just a reminder that we’ll begin introducing IPv6 support into Azure AD services in a phased approach, starting March 31st, 2023.

If your networks don’t support IPv6, you don’t need to take any action to change your configurations or policies. For most customers, IPv4 won't completely disappear from their digital landscape, so we aren't planning to require IPv6 or to de-prioritize IPv4 in any Azure AD features or services. We will continue to share additional guidance on IPv6 enablement in Azure AD at this easy to remember link https://aka.ms/azureadipv6.
With the growing adoption and support of IPv6 across enterprise networks, service providers, and devices, many customers are wondering if their users can continue to access their services and applications from IPv6 clients and IPv6 networks.

Today, we’re excited to announce our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD). This will allow customers to reach the Azure AD services over both IPv4 and IPv6 network protocols (dual stack).
For most customers, IPv4 won't completely disappear from their digital landscape, so we aren't planning to require IPv6 or to de-prioritize IPv4 in any Azure Active Directory features or services.
[When this will happen:]
We’ve been gradually rolling out IPv6 for some of our services for a while. Starting in late March 2023 we'll begin enabling IPv6 for Azure AD authentication. We will introduce IPv6 support into Azure AD authentication in a phased approach, beginning late March 2023.
2023-05-31MC End Time06/30/2023 09:00:002023-07-31T09:00:00Z
2023-05-31MC prepareWe have guidance below which is specifically for Azure AD customers, who use IPv6 addresses and also use Named Locations in their Conditional Access policies.
If you have public IPv6 addresses representing your network, take the actions that are described in the following sections as soon as possible.
Customers who use named locations to identify specific network boundaries in their organization, need to:
Conduct an audit of existing named locations to anticipate potential impact;
Work with your network partner to identify egress IPv6 addresses in use in your environment.;
Review and update existing named locations to include the identified IPv6 ranges.
Customers who use Conditional Access location based policies, to restrict and secure access to their apps from specific networks, need to:
Conduct an audit of existing Conditional Access policies to identify use of named locations as a condition to anticipate potential impact;
Review and update existing Conditional Access location based policies to ensure they continue to meet your organization’s security requirements.
Failing to follow these steps might result in the following impact:
Users of IPv6 addresses may be blocked, depending on your organization's Conditional Access policies and Identity Protection configurations.
False positive detections due to 'Mark as trust location' not being checked for your internal networks and VPN’s can result in users being marked as risky.
We will continue to share additional guidance on IPv6 enablement in Azure AD here: IPv6 Support in Azure Active Directory.
Learn more about Microsoft identity:
Get to know Microsoft Entra – a comprehensive identity and access product family
Return to the Microsoft Entra (Azure AD) blog home
Share product suggestions on the Entra (Azure AD) forum
https://aka.ms/azureadipv6
https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition#ip-address-ranges
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/introducing-microsoft-entra-modern-identity-and-access-solutions/ba-p/2520440
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/ipv6-coming-to-azure-ad/ba-p/2967451
We have guidance below which is specifically for Azure AD customers, who use IPv6 addresses and also use Named Locations in their Conditional Access policies.
If you have public IPv6 addresses representing your network, take the actions that are described in the following sections as soon as possible.
Customers who use named locations to identify specific network boundaries in their organization, need to:
Conduct an audit of existing named locations to anticipate potential impact;
Work with your network partner to identify egress IPv6 addresses in use in your environment.;
Review and update existing named locations to include the identified IPv6 ranges.
Customers who use Conditional Access location based policies, to restrict and secure access to their apps from specific networks, need to:
Conduct an audit of existing Conditional Access policies to identify use of named locations as a condition to anticipate potential impact;
Review and update existing Conditional Access location based policies to ensure they continue to meet your organization’s security requirements.
Failing to follow these steps might result in the following impact:
Users of IPv6 addresses may be blocked, depending on your organization's Conditional Access policies and Identity Protection configurations.
False positive detections due to 'Mark as trust location' not being checked for your internal networks and VPN’s can result in users being marked as risky.
We will continue to share additional guidance on IPv6 enablement in Azure AD here: IPv6 Support in Azure Active Directory.
Learn more about Microsoft identity:
Get to know Microsoft Entra – a comprehensive identity and access product family
Return to the Microsoft Entra (Azure AD) blog home
Share product suggestions on the Entra (Azure AD) forum
https://aka.ms/azureadipv6
https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition#identifying-ipv6-traffic-with-azure-ad-sign-in-activity-reports
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition#ip-address-ranges
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition#ipv4-and-ipv6-address-ranges
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/introducing-microsoft-entra-modern-identity-and-access-solutions/ba-p/2520440
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/ipv6-coming-to-azure-ad/ba-p/2967451
2023-03-22MC MessagesUpdated February 9, 2023: We have updated the content below for clarity. Thank you for your patience.
With the growing adoption and support of IPv6 across enterprise networks, service providers, and devices, many customers are wondering if their users can continue to access their services and applications from IPv6 clients and IPv6 networks.
Today, we’re excited to announce our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD). This will allow customers to reach the Azure AD services over both IPv4 and IPv6 network protocols (dual stack).
For most customers, IPv4 won't completely disappear from their digital landscape, so we aren't planning to require IPv6 or to de-prioritize IPv4 in any Azure Active Directory features or services.
[When this will happen:]
We’ve been gradually rolling out IPv6 for some of our services for a while. Starting in late March 2023 we'll begin enabling IPv6 for Azure AD authentication. We will introduce IPv6 support into Azure AD authentication in a phased approach, beginning late March 2023.
Updated March 21, 2023: Earlier, we had announced our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD) enabling our customers to reach the Azure AD services over IPv4, IPv6 or dual stack endpoints. This is just a reminder that we’ll begin introducing IPv6 support into Azure AD services in a phased approach, starting March 31st, 2023.
If your networks don’t support IPv6, you don’t need to take any action to change your configurations or policies. For most customers, IPv4 won't completely disappear from their digital landscape, so we aren't planning to require IPv6 or to de-prioritize IPv4 in any Azure AD features or services. We will continue to share additional guidance on IPv6 enablement in Azure AD at this easy to remember link https://aka.ms/azureadipv6.
With the growing adoption and support of IPv6 across enterprise networks, service providers, and devices, many customers are wondering if their users can continue to access their services and applications from IPv6 clients and IPv6 networks.

Today, we’re excited to announce our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD). This will allow customers to reach the Azure AD services over both IPv4 and IPv6 network protocols (dual stack).
For most customers, IPv4 won't completely disappear from their digital landscape, so we aren't planning to require IPv6 or to de-prioritize IPv4 in any Azure Active Directory features or services.
[When this will happen:]
We’ve been gradually rolling out IPv6 for some of our services for a while. Starting in late March 2023 we'll begin enabling IPv6 for Azure AD authentication. We will introduce IPv6 support into Azure AD authentication in a phased approach, beginning late March 2023.
2023-03-22MC Last Updated02/09/2023 21:57:022023-03-21T20:01:11Z
2023-03-22MC prepareWe have guidance below which is specifically for Azure AD customers, who use IPv6 addresses and also use Named Locations in their Conditional Access policies.
If you have public IPv6 addresses representing your network, take the actions that are described in the following sections as soon as possible.
Customers who use named locations to identify specific network boundaries in their organization, need to:
Conduct an audit of existing named locations to anticipate potential impact;
Work with your network partner to identify egress IPv6 addresses in use in your environment.;
Review and update existing named locations to include the identified IPv6 ranges.
Customers who use Conditional Access location based policies, to restrict and secure access to their apps from specific networks, need to:
Conduct an audit of existing Conditional Access policies to identify use of named locations as a condition to anticipate potential impact;
Review and update existing Conditional Access location based policies to ensure they continue to meet your organization’s security requirements.
Failing to follow these steps might result in the following impact:
Users of IPv6 addresses may be blocked, depending on your organization's Conditional Access policies and Identity Protection configurations.
False positive detections due to 'Mark as trust location' not being checked for your internal networks and VPN’s can result in users being marked as risky.
We will continue to share additional guidance on IPv6 enablement in Azure AD here: IPv6 Support in Azure Active Directory.
Learn more about Microsoft identity:
Get to know Microsoft Entra – a comprehensive identity and access product family
Return to the Microsoft Entra (Azure AD) blog home
Share product suggestions on the Entra (Azure AD) forum
https://aka.ms/azureadipv6
https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition#ip-address-ranges
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/introducing-microsoft-entra-modern-identity-and-access-solutions/ba-p/2520440
We have guidance below which is specifically for Azure AD customers, who use IPv6 addresses and also use Named Locations in their Conditional Access policies.
If you have public IPv6 addresses representing your network, take the actions that are described in the following sections as soon as possible.
Customers who use named locations to identify specific network boundaries in their organization, need to:
Conduct an audit of existing named locations to anticipate potential impact;
Work with your network partner to identify egress IPv6 addresses in use in your environment.;
Review and update existing named locations to include the identified IPv6 ranges.
Customers who use Conditional Access location based policies, to restrict and secure access to their apps from specific networks, need to:
Conduct an audit of existing Conditional Access policies to identify use of named locations as a condition to anticipate potential impact;
Review and update existing Conditional Access location based policies to ensure they continue to meet your organization’s security requirements.
Failing to follow these steps might result in the following impact:
Users of IPv6 addresses may be blocked, depending on your organization's Conditional Access policies and Identity Protection configurations.
False positive detections due to 'Mark as trust location' not being checked for your internal networks and VPN’s can result in users being marked as risky.
We will continue to share additional guidance on IPv6 enablement in Azure AD here: IPv6 Support in Azure Active Directory.
Learn more about Microsoft identity:
Get to know Microsoft Entra – a comprehensive identity and access product family
Return to the Microsoft Entra (Azure AD) blog home
Share product suggestions on the Entra (Azure AD) forum
https://aka.ms/azureadipv6
https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition#ip-address-ranges
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/introducing-microsoft-entra-modern-identity-and-access-solutions/ba-p/2520440
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/ipv6-coming-to-azure-ad/ba-p/2967451
2023-02-10MC MessagesWith the growing adoption and support of IPv6 across enterprise networks, service providers, and devices, many customers are wondering if their users can continue to access their services and applications from IPv6 clients and IPv6 networks.
Today, we’re excited to announce our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD). This will allow customers to reach the Azure AD services over both IPv4 and IPv6 network protocols (dual stack).
For most customers, IPv4 won't completely disappear from their digital landscape, so we aren't planning to require IPv6 or to de-prioritize IPv4 in any Azure Active Directory features or services.
[When this will happen:]
We will begin introducing IPv6 support into Azure AD services in a phased approach, beginning March 31, 2023 and expect to complete by early July
Updated February 9, 2023: We have updated the content below for clarity. Thank you for your patience.
With the growing adoption and support of IPv6 across enterprise networks, service providers, and devices, many customers are wondering if their users can continue to access their services and applications from IPv6 clients and IPv6 networks.
Today, we’re excited to announce our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD). This will allow customers to reach the Azure AD services over both IPv4 and IPv6 network protocols (dual stack).
For most customers, IPv4 won't completely disappear from their digital landscape, so we aren't planning to require IPv6 or to de-prioritize IPv4 in any Azure Active Directory features or services.
[When this will happen:]
We’ve been gradually rolling out IPv6 for some of our services for a while. Starting in late March 2023 we'll begin enabling IPv6 for Azure AD authentication. We will introduce IPv6 support into Azure AD authentication in a phased approach, beginning late March 2023.
2023-02-10MC TitleIPv6 coming to Azure AD(Updated) IPv6 coming to Azure AD
2023-02-10MC Last Updated01/17/2023 20:31:312023-02-09T21:57:02Z
2023-02-10MC MessageTagNamesNew feature, Admin impactUpdated message, New feature, Admin impact
2023-02-10MC prepareWe have guidance below which is specifically for Azure AD customers, who use IPv6 addresses and also use Named Locations in their Conditional Access policies.
Customers who use named locations to identify specific network boundaries in their organization, need to:
Conduct an audit of existing named locations to anticipate potential impact;
Work with your network partner to identify egress IPv6 addresses in use in your environment.;
Review and update existing named locations to include the identified IPv6 ranges.
Customers who use Conditional Access location based policies, to restrict and secure access to their apps from specific networks, need to:
Conduct an audit of existing Conditional Access policies to identify use of named locations as a condition to anticipate potential impact;
Review and update existing Conditional Access location based policies to ensure they continue to meet your organization’s security requirements.
Failing to follow these steps might result in the following impact:
Users of IPv6 addresses may be blocked, depending on your organization's Conditional Access policies and Identity Protection configurations.
False positive detections due to 'Mark as trust location' not being checked for your internal networks and VPN’s can result in users being marked as risky.
We will continue to share additional guidance on IPv6 enablement in Azure AD here: IPv6 Support in Azure Active Directory.
Learn more about Microsoft identity:
Get to know Microsoft Entra – a comprehensive identity and access product family
Return to the Microsoft Entra (Azure AD) blog home
Share product suggestions on the Entra (Azure AD) forum
https://aka.ms/azureadipv6
https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition#ip-address-ranges
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/introducing-microsoft-entra-modern-identity-and-access-solutions/ba-p/2520440
We have guidance below which is specifically for Azure AD customers, who use IPv6 addresses and also use Named Locations in their Conditional Access policies.
If you have public IPv6 addresses representing your network, take the actions that are described in the following sections as soon as possible.
Customers who use named locations to identify specific network boundaries in their organization, need to:
Conduct an audit of existing named locations to anticipate potential impact;
Work with your network partner to identify egress IPv6 addresses in use in your environment.;
Review and update existing named locations to include the identified IPv6 ranges.
Customers who use Conditional Access location based policies, to restrict and secure access to their apps from specific networks, need to:
Conduct an audit of existing Conditional Access policies to identify use of named locations as a condition to anticipate potential impact;
Review and update existing Conditional Access location based policies to ensure they continue to meet your organization’s security requirements.
Failing to follow these steps might result in the following impact:
Users of IPv6 addresses may be blocked, depending on your organization's Conditional Access policies and Identity Protection configurations.
False positive detections due to 'Mark as trust location' not being checked for your internal networks and VPN’s can result in users being marked as risky.
We will continue to share additional guidance on IPv6 enablement in Azure AD here: IPv6 Support in Azure Active Directory.
Learn more about Microsoft identity:
Get to know Microsoft Entra – a comprehensive identity and access product family
Return to the Microsoft Entra (Azure AD) blog home
Share product suggestions on the Entra (Azure AD) forum
https://aka.ms/azureadipv6
https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition
https://learn.microsoft.com/azure/active-directory/conditional-access/location-condition#ip-address-ranges
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/introducing-microsoft-entra-modern-identity-and-access-solutions/ba-p/2520440

*starting April 2022

Last updated 6 months ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!