Azure Conditional Access Named Locations IPv6 Support

Named Locations in Azure Conditional Access only supports locations based on IPv4 IP address ranges. For sign-ins that are coming from IPv6 addresses where you are looking to enforce a geo-policy, you’ll need to manually add the IPv6 address ranges for the countries you wish to exclude/include as appropriate.

Whilst looking into this a colleague of mine discovered the following resource that details the IPv4 address ranges for multiple countries – not sure how often it is updated, but a good starting point to reduce any sign-in issues for those users using IPv6 addresses:

Regional Internet Registries Statistics – RIR Delegations – New Zealand (NZ) – IPv6 address delegations (imtbs-tsp.eu)

It’s quite easy to copy the table from there into a CSV file and then import the list into Azure to create a new location based on IPv6 addresses.

Leave a Reply

Your email address will not be published.