Azure Active Directory To Get IPv6 Support This Year

Microsoft announced on Tuesday that it will start bringing Internet Protocol version 6 (IPv6) support to its Azure Active Directory services.

IPv6 support for Azure AD will arrive in "a phased approach," starting on March 31, 2023, the announcement indicated. When it gets added, Azure AD users will be able reach those services via "IPv4, IPv6 or dual stack endpoints," Microsoft explained.

There's a possible cost benefit to this change, as IPv6 support also could "help reduce spending on fast-depleting, expensive IPv4 addresses," Microsoft contended, per this document.

Organizations using Azure AD won't be required to use IPv6. Moreover, Microsoft isn't planning to "deprioritize" IPv4, as its use isn't likely to disappear in the near future.

Microsoft advised IT pros to conduct an audit before the coming IPv6 change occurs. They should check to see if they are using "named locations" or Azure AD "Conditional Access location-based polices to restrict and secure access to their apps," which could have effects with the coming IPv6 support.

IT pros should carry out the following tasks, according to Microsoft's document:

The exact steps to carry out those tasks weren't described, but possibly are buried in Microsoft's documents.

In another document on location conditions, Microsoft explained that "most of the IPv6 traffic that gets proxied to Azure AD comes from Microsoft Exchange Online" and that "Exchange will prefer IPv6 connections." To address such scenarios, IT pros will want to check if they have any Conditional Access policies for Exchange that "have been configured for specific IPv4 ranges." In such cases, IT pros should add IPv6 ranges as well.

In some cases, an IPv6 address will get triggered. For instance, Azure AD may use an IPv6 address when Exchange Online is used with "legacy authentication" methods. The Outlook Web App used in a browser may get its session interrupted if there isn't a configured IPv6 address range, the document also warned. Also, organizations using Azure VNets will have "traffic coming from an IPv6 address" so Azure AD Conditional Access policies should be checked for any IPv6 exclusions.

IT pros can identify IPv6 traffic used with their Azure AD tenancies via the "Azure AD sign-in activity reports." They will need to add an "IP address" column to the report to see such activity, Microsoft's document explained.

Microsoft had announced overall IPv6 support on Azure services as far back as this 2016 announcement. Azure AD support for IPv6 apparently wasn't part of the mix, though.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


comments powered by Disqus

Subscribe on YouTube