Published Sep 13, 2024
Microsoft Defender for Office 365 is updating to support IPv6 in Tenant Allow/Block List, with a revised rollout timeline starting early October 2024. This update applies to customers with specific service plans and will allow admins to block or allow IPv6 addresses without submissions. Rollout requires no admin action prior to the update.
Updated October 11, 2024: We have updated the timeline below. Thank you for your patience.
NOTE: This applies to customers with Microsoft Exchange Online Protection or Microsoft Defender for Office 365 Plan 1 or Plan 2 service plans. https://learn.microsoft.com/defender-office-365/tenant-allow-block-list-ip-addresses-configure
Soon, it will be possible to create IPv6 allow and block entries in the Tenant Allow/Block Lists.
This message is associated with Microsoft 365 Roadmap ID 406166.
When this will happen:
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out early October 2024 (previously late September) and expect to complete by mid-October 2024 (previously early November).
How this will affect your organization:
Before this rollout: Admins cannot block or allow IPv6 addresses.
After this rollout, you can make IPv6 allow and block entries in these formats:
The IP block entry will drop any email sent from that IP at the edge, whereas the IP allow will just override the IP filtering, allowing the rest of the Defender for Office 365 stack to evaluate threats. IP block has a higher priority over IP allow entries.
Admins can create entries in the Defender portal or with the Microsoft PowerShell New-TenantAllowBlockListItems cmdlet (ListType parameter with value IP) without need for submissions.
This change will not impact any of your current Tenant Allow/Block List entries or your IPv4 entries in the hosted connection filter policy or enhanced filtering connection policy
Last used date support for IPv6 allow and block will be added soon.
Entry limits for IPv6:
Permissions:
The same existing set of permissions we have for Tenant Allow/Block List will also apply to this rollout.
What you need to do to prepare:
This rollout will happen automatically by the specified date with no admin action required before the rollout. If one wants to block emails from IPv6 addresses or allow email from IPv6 addresses, the admin need to create entries to do so.
Additional references: