How can we improve Azure Active Directory?

← Azure Active Directory

Show location for Azure AD sign-ins from IPv6 addresses

Please add location information to sign-ins from IPv6 addresses. Currently there is no location information associated with IPv6 so it is circumventing all the Azure AD Identity Protections you have in place.

48 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Siemon Roozendaal shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
started  ·  Azure AD Team responded  · 

Thanks for your feedback, folks. We have been working towards resolving the locations for IPv6 logins. Currently, a subset of such logins are getting resolved for location and the % will gradually go up. Are you seeing some of your IPv6 logins with resolved location?

12 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Woodward, William commented  ·   ·  Flag as inappropriate

    Is there a timeline on when the majority of these will start getting resolved? We are seeing maybe 1/8 so far. This needs to be an ASAP issue.

  • Anonymous commented  ·   ·  Flag as inappropriate

    This has not improved over the last month. Microsoft closed our ticket on this as resolved. What is the status?

  • Anonymous commented  ·   ·  Flag as inappropriate

    I can see one IPV6 resolution in the last day or so. That puts our percentage at much less than 1%, but it's a start.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Hello Rajat, We're seeing locations associated with about 4% of our IPv6 traffic. Progress! Thanks - when do you expect it to be complete?

  • Rajat Luthra commented  ·   ·  Flag as inappropriate

    Thanks for your feedback, folks. We have been working towards resolving the locations for IPv6 logins. Currently, a subset of such logins are getting resolved for location and the % will gradually go up. Are you seeing some of your IPv6 logins with resolved location?

  • Anonymous commented  ·   ·  Flag as inappropriate

    Indeed - I have a ticket open on this right now. It's a major issue. As we move to add everyone to more comprehensive CA policies, setting up MFA grant for certain countries as a stop-gap measure is rendered relatively ineffective by this issue. about 1/4 of all sign-in attempts for us are made via IPv6. Microsoft is making a big push to become a more security-focused company, and fixing this needs to be part of that push.

  • Alessio commented  ·   ·  Flag as inappropriate

    And It s not Only related to ca
    All the security filter based on blacklist can be bypassed URL substituction etc...

  • Alessio commented  ·   ·  Flag as inappropriate

    Is a big bug in security Evert night i have brute force from malasya bypassing my conditional access rules.
    Fix It ASAP PLS.
    Aldo i wanted a conditional access based on ip versione for deny every IPv6 login

  • Jeremy Adkins commented  ·   ·  Flag as inappropriate

    This should be getting more attention. Major mobile providers and ISPs are moving to IPv6 T-Mobile, Verizon, Charter\Spectrum to name a few. This issue makes it impossible to effectively use the include unknown locations option in CA policies. Combined with the inability to include or exclude IPv6 addresses or ranges in the same way you can IPv4 this causes a huge gap in what is otherwise a great resource for Identity Security.

Azure Active Directory: Identity Protection

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice