Microsoft to Add IPv6 Support to Azure Active Directory in March

Datacenter networking servers

Microsoft has announced that it’s bringing Internet Protocol version 6 (IPv6) support to its Azure Active Directory services. The company plans to roll out IPv6 support to all enterprise customers in a staggered manner on March 31.

With this release, users will be able to access Azure Active Directory (AD) services through IPv6, IPv4, or dual-stack endpoints. “We’re excited to bring IPv6 support to Azure Active Directory (Azure AD), to support customers with increased mobility, and help reduce spending on fast-depleting, expensive IPv4 addresses,” Microsoft explained.

How to prepare for the upcoming IPv6 change in Azure AD

Microsoft says that IPv6 support might be a major change for some customers, and recommends IT administrators to prepare in advance. First, customers who use named locations will need to determine egress IPv6 addresses, and then update Review and update existing named locations to add the identified IPv6 ranges.

Meanwhile, organizations that use Conditional Access (CA) policies should first identify the usage of named locations as a condition. Then, they will need to update existing CA location-based policies to meet compliance requirements.

Microsoft explained that Exchange Online accounts for the majority of the IPv6 traffic that’s proxied to Azure Active Directory. “When available, Exchange will prefer IPv6 connections. So if you have any Conditional Access policies for Exchange, that have been configured for specific IPv4 ranges, you’ll want to make sure you’ve also added your organizations IPv6 ranges,” Microsoft added.

It is important to note that IPv6 addresses could automatically get triggered in certain situations. For example, an employee uses a legacy authentication method to connect to Microsoft Exchange Online. Moreover, customers who use Azure VNets will receive traffic from IPv6 addresses, and they should audit Azure AD Conditional Access policies for IPv6 exclusions.

Microsoft notes that IT Pros can identify IPv6 traffic in the Azure AD Sign-in activity reports. However, it’s important to add an IP address column to the report, and you can find more details on this support page.