IPv6, the most recent version of the Internet Protocol (IP), provides the identification and location system for devices on networks and routes traffic across the internet. Unlike its predecessor, IPv4, whose addresses have been depleted rapidly by the surging number of internet-connected devices, IPv6 addresses are designed to be longer and more intricate.
IT managers therefore need to be aware of several aspects of IPv6 to manage their networks and transition to the new protocol smoothly. By understanding the benefits, deployment considerations, address format, and potential challenges associated with IPv6, IT managers can make informed decisions and plan its adoption in their networks.
Here are some things IT managers need to know.
Key points:
- Azure AD is introducing IPv6 support in April 2023.
- Customers with public IPv6 addresses need to take some actions to ensure readiness for IPv6 support in Azure AD.
- Customers can test Azure AD authentication over IPv6 using NRPT rules on their devices.
- Customers can find IPv6 addresses in sign-in logs and add them to their named locations for Azure AD features.
What is Azure Active Directory (Azure AD)?
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. It is designed to help organizations manage users, devices, applications, and resources. It serves as a central hub for managing user identities and their access to various cloud and on-premises resources.
Azure AD is introducing IPv6 support to meet the needs of customers with increased mobility.
Introducing IPv6 support
Beginning in April 2023, Azure AD service endpoint URLs will resolve to both IPv4 and IPv6 addresses. This means that if your network and devices support IPv6, you will be able to connect to Azure AD using IPv6. This advancement aligns with the increasing adoption of IPv6 and provides organizations with the ability to future-proof their networks, accommodating the growing number of devices and ensuring long-term scalability. For organizations that are not yet IPv6-ready, Azure AD continues to support IPv4, allowing them to maintain their existing configurations and seamlessly connect to Azure AD without disruptions.
If you do have public IPv6 addresses representing your network, you need to take some actions to ensure that your Azure AD features work properly with IPv6.
These actions include:
- Testing Azure AD authentication over IPv6 using a Name Resolution Policy Table (NRPT) rule on your devices.
- Finding IPv6 addresses in sign-in logs and adding them to your named locations, which are used for features such as Conditional Access, Identity Protection, and B2C.
- Updating your Conditional Access policies with your IPv6 named locations if needed.
- Updating your outbound traffic restrictions to include IPv6 endpoints if you limit outbound network traffic to specific IP ranges.
- Avoiding changes to the default IPv6 configuration on your devices as they may cause unintended consequences.
- Updating your outbound traffic restrictions and Conditional Access policies with IPv6 endpoints if applicable.
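The sign-in log step above can be scripted. The following is an added example, not code from Microsoft or from this article: it takes exported sign-in records and the CIDR ranges already in your named locations, and reports the IPv6 source prefixes that no named location covers yet. The record field names (ipAddress, userPrincipalName), the sample data, the helper name and the grouping by /64 are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample data using documentation ranges only
# (2001:db8::/32 and 203.0.113.0/24); replace with your own export.
NAMED_LOCATIONS = ["203.0.113.0/24", "2001:db8:aaaa::/48"]
SIGN_INS = [
    {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10"},
    {"userPrincipalName": "alice@example.com", "ipAddress": "2001:db8:aaaa:1::25"},
    {"userPrincipalName": "bob@example.com", "ipAddress": "2001:db8:bbbb:7::1"},
    {"userPrincipalName": "carol@example.com", "ipAddress": "2001:db8:bbbb:7:abcd::9"},
    {"userPrincipalName": "dave@example.com", "ipAddress": "::ffff:203.0.113.44"},
    {"userPrincipalName": "erin@example.com", "ipAddress": ""},
]


def uncovered_ipv6_prefixes(sign_ins, named_ranges, prefix_len=64):
    """Return {prefix: sign-in count} for IPv6 sources outside every named range.

    Hypothetical helper; prefix_len=64 is an assumed grouping size.
    """
    networks = [ipaddress.ip_network(r, strict=False) for r in named_ranges]
    counts = Counter()
    for record in sign_ins:
        try:
            addr = ipaddress.ip_address(record.get("ipAddress", ""))
        except ValueError:
            continue  # missing or malformed address: nothing to classify
        # An IPv4-mapped address (::ffff:a.b.c.d) is really an IPv4 client.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        if addr.version != 6:
            continue
        if any(addr in net for net in networks if net.version == 6):
            continue  # already covered by an existing named location
        prefix = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        counts[str(prefix)] += 1
    return dict(counts)


if __name__ == "__main__":
    found = uncovered_ipv6_prefixes(SIGN_INS, NAMED_LOCATIONS)
    for prefix, hits in sorted(found.items()):
        print(f"{prefix}\t{hits} sign-in(s), confirm ownership before adding")
```

Confirm that each reported prefix belongs to your organization before adding it to a named location, since a named location marked as trusted changes how Conditional Access and Identity Protection treat sign-ins from it.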
An Essential Upgrade
IPv6 is an essential upgrade to the Internet Protocol, providing a larger address space to accommodate the growing number of devices connected to the internet. Azure Active Directory (Azure AD), Microsoft’s cloud-based identity and access management service, is introducing IPv6 support in April 2023 to meet the needs of customers with increased mobility and to address the scarcity of IPv4 addresses. This support allows Azure AD service endpoint URLs to resolve to both IPv4 and IPv6 addresses.
For more details on how to perform these actions, please refer to the Microsoft Learn documentation.