Change how Conditional Access IPv6 country assignment works? Apple native mail app broken

Vossi 16 Reputation points
2020-11-16T15:30:53.783+00:00

Does anybody know if the way that Conditional Access assigns IPv6 addresses to countries has changed? We are using Conditional Access based on IP location to restrict access to European countries.

Works well for IPv4 addresses, but on IPv6 since 13.11.2020 Location was null,null and NOT matched.

Since 15.11.2020 Location for the same address is null,null but now it is MATCHED.
We have changed nothing, but since 13/14.11 users got problems getting mails with the native Apple Mail app.
Outlook on iOS has no problem. I think this is a follow-up of a Conditional Access behavior change?

Policy is: blocked countries (a named location with a lot of countries and "include unknown areas" is selected) require MFA
This worked for weeks flawlessly.

Anybody else experiencing this?

Any tips are welcome.

Vossi

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Steve541367368413658413 1 Reputation point
    2020-11-17T14:29:06.867+00:00

    We're having the same issue. A bunch of IPv6 ranges aren't mapping to a location causing one of our CA rules to fail, causing a bunch of cranky users. I've been having to exclude huge swaths of IPv6 addresses to keep our users online. Our rule has been running for several months flawlessly.

    Mostly, it appears to be cellular carriers - AT&T, Verizon, Comcast. I have a ticket in with MS, we'll see if that gets us anywhere.


  2. 2020-11-19T17:56:16.3+00:00

    @Vossi @Steve541367368413658413 The product team just confirmed the IPv6 track was changed not a long time ago. Please check here; the documentation explains how the IPv6 traffic works.
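
The thread describes IPv6 sign-ins whose location resolves to null,null and then hit a location-based policy. As an added example (not code from any poster or from Microsoft), this Python script groups such sign-ins from an exported sign-in log by IPv6 prefix so the affected ranges and users can be reviewed. The record layout (`userPrincipalName`, `ipAddress`, `location.countryOrRegion`) is assumed to follow the Microsoft Graph signIn resource, the function names are hypothetical, and all sample data is constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records. Field names follow the Microsoft Graph signIn
# resource; addresses come from documentation ranges, users are made up.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "a@example.com", "ipAddress": "2001:db8:1:10::25",
     "location": {"city": None, "countryOrRegion": None}},
    {"userPrincipalName": "b@example.com", "ipAddress": "2001:db8:1:20::99",
     "location": {"city": "", "countryOrRegion": ""}},
    {"userPrincipalName": "c@example.com", "ipAddress": "2001:db8:2::7",
     "location": {"city": "Berlin", "countryOrRegion": "DE"}},
    {"userPrincipalName": "d@example.com", "ipAddress": "198.51.100.7",
     "location": {"city": None, "countryOrRegion": None}},
    {"userPrincipalName": "a@example.com", "ipAddress": "2001:db8:3:1::1",
     "location": None},
    {"userPrincipalName": "e@example.com", "ipAddress": "not-an-ip",
     "location": None},
]


def is_unresolved(location):
    """True when no country was resolved (the 'null,null' case in the thread)."""
    return not ((location or {}).get("countryOrRegion") or "").strip()


def unresolved_ipv6_prefixes(signins, prefix_len=48):
    """Group IPv6 sign-ins without a country by enclosing prefix.

    Returns [(prefix, sign_in_count, sorted_users)], busiest prefix first.
    """
    hits = defaultdict(list)
    for rec in signins:
        try:
            addr = ipaddress.ip_address(rec.get("ipAddress") or "")
        except ValueError:
            continue  # missing or malformed address: nothing to group
        if addr.version != 6 or not is_unresolved(rec.get("location")):
            continue  # IPv4, or IPv6 that did resolve to a country
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        hits[str(net)].append(rec.get("userPrincipalName", "unknown"))
    rows = [(p, len(u), sorted(set(u))) for p, u in hits.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for prefix, count, users in unresolved_ipv6_prefixes(SAMPLE_SIGNINS):
        print(f"{prefix}  sign-ins={count}  users={', '.join(users)}")
```

A wider `prefix_len` such as 32 collapses the output toward carrier-sized allocations, which helps when comparing against any ranges already excluded from the policy.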