Disable IPv6 for https://login.microsoftonline.com:443

Deepika Nayak 5 Reputation points
2023-07-12T00:58:35.3333333+00:00

Hello,

We are trying to generate a token by making a https call from SAP ERP system to login.microsoftonline.com. Since azure ADP has Ipv6, the IPv6 is fetched and passed on to our firewall which can only resolve IPv4. So query is can we disable IPv6 on login.microsoftonline.com in our network?

  1. We are trying to access the azure platform idP for token generation using cl_http_client=>create_by_url.
  2. The URL contains the hostname login.microsoftonline.com and same was been whitelisted in the firewall rules.
  3. But since login.microsoftonline.com has IPv6 and our ERP Linux OS has IPv6 enabled, the dns lookup fetches the IPv6 address and passes it on to firewall. But our network can resolve only IPv4.

So we are getting NIECONN_REFUSED(-10) error.

We cannot switch off IPv6 too as some our IPv6 only application will stop working. So is there a way to disable IPv6 from Azure end?

Thanks

Deepika

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,145 questions
{count} vote

1 answer

Sort by: Most helpful
  1. Givary-MSFT 35,216 Reputation points Microsoft Employee
    2023-07-13T06:47:15.27+00:00

    @Deepika Nayak Thank you for reaching out to us, As I understand you want to disable Ipv6 for your specific tenant ? As far I know Ipv6 is enabled at the service level (Azure AD), let me check if there is an option to disable the same for specific tenant or not.

    Our service endpoint URLs resolve to return both IPv4 and IPv6 addresses, If a client platform or network supports IPv6, the connection will mostly be attempted using IPv6, assuming that the network hops that are in between (such as firewalls or web proxies) also support IPv6. For environments that don't support IPv6, client applications will continue to connect to Azure AD over IPv4.

    In your scenario, firewall doesnt support IPv6. Its not possible for us to disable ipv6 for specific tenant.

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.