Microsoft 365 Message Center Archive

MC889519 - Microsoft Defender for Office 365: Tenant Allow/Block List will support IPv6 allow and block entries

Message ID

MC889519

View in Message Center

Service

Exchange Online
Microsoft Defender XDR

Last Updated

Oct 11, 2024

Published Sep 13, 2024

Tag

Updated message
New feature
Admin impact

Roadmap ID

406166

View in M365 Roadmap

Platforms

Web

Summary

Microsoft Defender for Office 365 is updating to support IPv6 in Tenant Allow/Block List, with a revised rollout timeline starting early October 2024. This update applies to customers with specific service plans and will allow admins to block or allow IPv6 addresses without submissions. Rollout requires no admin action prior to the update.

More information

Updated October 11, 2024: We have updated the timeline below. Thank you for your patience.

NOTE: This applies to customers with Microsoft Exchange Online Protection or Microsoft Defender for Office 365 Plan 1 or Plan 2 service plans. https://learn.microsoft.com/defender-office-365/tenant-allow-block-list-ip-addresses-configure

Soon, it will be possible to create IPv6 allow and block entries in the Tenant Allow/Block Lists.

This message is associated with Microsoft 365 Roadmap ID 406166.

When this will happen:

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out early October 2024 (previously late September) and expect to complete by mid-October 2024 (previously early November).

How this will affect your organization:

Before this rollout: Admins cannot block or allow IPv6 addresses.

After this rollout, you can make IPv6 allow and block entries in these formats:

  • Colon-hexadecimal notation single IPv6 address (for example, 2001:0db8:85a3:0000:0000:8a2e:0370:7334)
  • Zero compression single IPv6 address (for example, 2001:db8::1)
  • Classless inter-domain routing (CIDR) IPv6 (for example, 2001:0db8::/32). The range supported is 1-128.

The IP block entry will drop any email sent from that IP at the edge, whereas the IP allow will just override the IP filtering, allowing the rest of the Defender for Office 365 stack to evaluate threats. IP block has a higher priority over IP allow entries.

Admins can create entries in the Defender portal or with the Microsoft PowerShell New-TenantAllowBlockListItems cmdlet (ListType parameter with value IP) without need for submissions.

admin controls

This change will not impact any of your current Tenant Allow/Block List entries or your IPv4 entries in the hosted connection filter policy or enhanced filtering connection policy

Last used date support for IPv6 allow and block will be added soon.

Entry limits for IPv6:

  • Exchange Online Protection: The maximum number of allow entries is 500, and the maximum number of block entries is 500 (1000 entries in total).
  • Defender for Office 365 Plan 1: The maximum number of allow entries is 1000, and the maximum number of block entries is 1000 (2000 entries in total).
  • Defender for Office 365 Plan 2: The maximum number of allow entries is 5000, and the maximum number of block entries is 10000 (15000 entries in total).

Permissions:

The same existing set of permissions we have for Tenant Allow/Block List will also apply to this rollout.

What you need to do to prepare:

This rollout will happen automatically by the specified date with no admin action required before the rollout. If one wants to block emails from IPv6 addresses or allow email from IPv6 addresses, the admin need to create entries to do so.

Additional references: