Add IPv6 addresses/ranges in named locations
we set up Named Locations in Azure ID to "avoid" risky Azure AD logins.
I added all our IPv4 public IPs/ranges but could not enter the IPv6 IPs/ranges. I got in touch with the Azure support and they said it is not possible yet.
As we also use IPv6 surf IPs, could you enable the feature to add IPv6 IPs/ranges as well?
This has now made it’s way to public preview.
Michael Burgher commented
It should be simple enough for Microsoft to provide location information for IPv6 addresses. Online geolocation\IP lookup databases like whatismyipaddress.com support the feature.
Is there an estimated date for adding this functionality? I have several projects dependent on this working properly.
Vincent Schneider commented
I would also like to add that the location based services are blank for IPv6 Addresses in the Azure AD sign-in logs.
The IPv4 addresses are less accurate than 3rd party lookup like ipinfo.io for instance where an IPv4 Location coming from one city is inaccurate in Azure AD logs but is accurate when i look it up on ipinfo.io.
This is not helpful especially when blocking countries like China and Russia where we in particular receive a lot of attacks from.
We either have to loosen up our policies creating security risks or make things difficult for our users where they can't access on their cellular network which uses IPv6 often blocking active sync for example.
Microsoft Please listen to your clients :) we're rooting for you!
It is simply unacceptable that Microsoft does not support IPv6 location data. We are halfway through 2019 and a good portion of the WORLD is already using IPv6.
Microsoft needs to escalate this up and get a solution in place ASAP. This was said to be "High" on your list in November, but you haven't provided ANY updates for 8 Months!!!
Hi!, The logins does not work when users connected using IPv6 if you add a conditional rules banning any overseas countries.
other problem with ipv6 if i setup a rule for conditional access blocking access from russia (ie)
if the ip used by the attacker is ipv6 the system doesn't match russia but the field location is blank so conditional accees doesn't works
Hi Microsoft team - Would really appreciate if you can add this feature in Azure.
WE have experience brute force attacks to one of our customer tenant from IPv6 address and we dont have an option to block it at all
This should be a major priority!!! Why is there no update? This limitation negates the the basis of using conditional access to secure azure & 365 resources. We literally had level II support tell us to disable 365 MFA to use conditional access - how is that a viable solution with this feature missing???
Brian ANderson commented
Any update on this?
And Microsoft continues to push "security" and conditional access - WHY IS CONDITIONAL ACCESS CONSIDERED TO REDUCE SECURITY RISKS? IT ONLY WORKS WITH IPv4, leaving more than 1/4 connections to 365 / AZURE resources insecure! Why?
We’ve spent months planning to implement conditional access policies as a basis of our network security strategy. Why in the world would Microsoft have ever setup features of conditional access without ipv6 support? This is a huge deal. If you can bypass all conditional access policies just by originating from ipv6 address, what purpose does this even serve? Yet another Microsoft product feature that’s not ready for GA. It’s just becoming the new normal with the carelessness of Microsoft.
Any update to this?
Not like 1/4 of the worlds internet traffic is using it....
Would love an update on this :) , I cannot see this actioned yet.
Ben Nichols commented
This is very much needed. Sites with native IPv6 are treated as non-trusted.
Seriously? No IPv6 for conditional access? We have known bad-actor IPv6 ranges and need to block access from them.
Every issue we have reported to Microsoft regarding security issues due to compromised accounts receives a response that we need to enable conditional access and MFA. However, without IPv6 support for these items we cannot implement them. Even if we implement them with just IPv4, it drastically impacts our end user experience because we are utilizing IPv6 within our organization. We need IPv6 support as soon as possible in order to ensure that we can implement appropriate security controls as well as provide a seamless end-user experience.
Erik M commented
Please implement this soon! Not catering to more than a quarter of the whole internet is simply not acceptable.
It's the same problem with white list IPv6 addresses in Office 365. Please understand that It's 2018 now an 25% of global Internet traffic is IPv6.