What does my organization have to do?
If you have public IPv6 addresses representing your network, take the actions that are described in the following sections as soon as possible.
For example, some organizations have a Conditional Access policy that blocks access to specific applications from outside a trusted named location that represents their public network addresses. This named location contains the IPv4 addresses that are owned by the customer, but it might not include the public IPv6 addresses that represent the customer network.
If customers don’t update their named locations with these IPv6 addresses, their users will be blocked.
With the growing adoption and support of IPv6 across enterprise networks, service providers, and devices, many customers are wondering if their users can continue to access their services and applications from IPv6 clients and IPv6 networks.
Today, we’re excited to announce our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD). This will allow customers to reach the Azure AD services over IPv4, IPv6 or dual stack endpoints.
For most customers, IPv4 won’t completely disappear from their digital landscape, so we aren’t planning to require IPv6 or to de-prioritize IPv4 in any Azure AD features or services. However, it is important you start planning and prepare for IPv6 support by taking the actions recommended in this blog, and also checking in for updated guidance at https://aka.ms/azureadipv6.
We’ll begin introducing IPv6 support into Azure AD services in a phased approach, starting March 31st, 2023.
The guidance below is specifically for Azure AD customers who use IPv6 addresses and also use Named Locations in their Conditional Access policies.
Customers who use named locations to identify specific network boundaries in their organization need to:
- Conduct an audit of existing named locations to anticipate potential impact;
- Work with your network partner to identify egress IPv6 addresses in use in your environment;
- Review and update existing named locations to include the identified IPv6 ranges.
Customers who use Conditional Access location-based policies to restrict and secure access to their apps from specific networks need to:
- Conduct an audit of existing Conditional Access policies to identify where named locations are used as a condition and anticipate potential impact;
- Review and update existing Conditional Access location-based policies to ensure they continue to meet your organization’s security requirements.
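The two audits above can be combined into one check. The following is an added example, not code from this blog or from Microsoft: it compares each named location against the egress IPv6 prefixes your network partner reports and lists the Conditional Access policies that reference any location with a gap. The sample data is constructed; the field names are assumed to follow a Microsoft Graph export of named locations and policies, and the `EGRESS_V6` mapping is hypothetical.

```python
import ipaddress

# Constructed sample data; field names assumed to match a Microsoft Graph
# export of IP named locations and Conditional Access policies.
NAMED_LOCATIONS = [
    {"id": "loc-hq", "displayName": "HQ", "isTrusted": True,
     "ipRanges": [{"cidrAddress": "203.0.113.0/24"}]},
    {"id": "loc-branch", "displayName": "Branch", "isTrusted": True,
     "ipRanges": [{"cidrAddress": "198.51.100.0/24"},
                  {"cidrAddress": "2001:db8:20::/48"}]},
]
POLICIES = [
    {"displayName": "Block finance app outside HQ",
     "conditions": {"locations": {"includeLocations": ["All"],
                                  "excludeLocations": ["loc-hq"]}}},
    {"displayName": "Require MFA off-network",
     "conditions": {"locations": {"includeLocations": ["All"],
                                  "excludeLocations": ["loc-branch"]}}},
]
# Hypothetical input: egress IPv6 prefixes per location, as identified
# with the network partner (documentation prefixes, constructed).
EGRESS_V6 = {"loc-hq": ["2001:db8:10::/48"],
             "loc-branch": ["2001:db8:20:5::/64"]}

def missing_v6(location, egress):
    """Return egress IPv6 prefixes not covered by the location's ranges."""
    have = [ipaddress.ip_network(r["cidrAddress"], strict=False)
            for r in location["ipRanges"]]
    v6 = [n for n in have if n.version == 6]
    want = [ipaddress.ip_network(p) for p in egress.get(location["id"], [])]
    return [str(w) for w in want if not any(w.subnet_of(n) for n in v6)]

def audit(locations, policies, egress):
    """Map each location with an IPv6 gap to the policies that reference it."""
    findings = {}
    for loc in locations:
        gaps = missing_v6(loc, egress)
        if not gaps:
            continue
        used_by = []
        for p in policies:
            cond = (p.get("conditions") or {}).get("locations") or {}
            refs = cond.get("includeLocations", []) + cond.get("excludeLocations", [])
            if loc["id"] in refs:
                used_by.append(p["displayName"])
        findings[loc["displayName"]] = {"missing": gaps, "policies": used_by}
    return findings

if __name__ == "__main__":
    for name, finding in audit(NAMED_LOCATIONS, POLICIES, EGRESS_V6).items():
        print(name, finding)
```

A location that appears in the output is one whose users would fall outside the trusted boundary when they connect over IPv6, and the listed policies are the ones to review first.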
We created an easy-to-remember link where we’ll continue to share additional guidance on IPv6 enablement in Azure AD. Access these details here: https://aka.ms/azureadipv6.