MC835648: Announcing IPv6 Enablement for Accepted Domains

Announcement ID	MC835648	Published Date	07-25-2024
Service	Exchange	Last Updated	09-27-2024
Category	Plan for change	Expiration Date	12-31-2024
Roadmap ID		Action Required by Date
Tags	Major update, Admin impact, Feature update, User impact

Summary
IPv6 will be enabled for Exchange Online Accepted Domains starting October 16, 2024, allowing for enhanced security and performance. Organizations should update allow-lists and consider opting out if necessary. Details and preparation steps are provided in the message.

More Information
Starting October 16, 2024, we're gradually enabling IPv6 for all customer Accepted Domains that use Exchange Online for inbound mail. Microsoft is modernizing Exchange Online so our customers can easily meet their local regulations as well as benefit from the enhanced security and performance offered by IPv6. When this will happen: October 16, 2024 (previously October 1, 2024) How this will affect your organization: After we enable IPv6 for your Accepted Domains, when someone tries to send an email to one of your users and queries the MX record for the domain, they will receive both IPv4 and IPv6 addresses (AAAA records) in response to their MX record query. What you need to do to prepare: To take advantage of IPv6 connectivity, please make sure that you and your partner's update network allow-lists to allow Exchange Online IPv6 endpoints in the same way it allow-lists IPv4. To opt a domain out of inbound IPv6 so traffic flowing to the domain remains IPv4-only, please use Disable-IPv6ForAcceptedDomain -Domain for each domain you want to opt out of IPv6 (Disable-IPv6ForAcceptedDomain (ExchangePowerShell). IPv6 enablement may impact the source IP type used by Senders when connecting to Exchange Online, as the source and destination IP versions must match. For any IP Address-based Inbound connectors in Exchange Online that are referencing IPv4 addresses, you need to either: Keep the sending server as IPv4. Coordinate with the Sender so the Sender keeps connecting to your domain(s) via IPv4 or Opt your domain(s) out of IPv6 Change the IP based connector to certificate domain based connector. This applies to both OnPremises type (From: Your organization's email server, To: Office 365) and Partner Type connectors (From: Partner organization, To: Office 365). Update: If you are using any Exchange Transport Rules or Data Loss Prevention policies which rely on the SenderIPRanges predicate, you need to opt out all your domains from IPv6. You can manage IPv6 for your Exchange Online Accepted Domains using the commands Enable-IPv6ForAcceptedDomain or Disable-IPv6ForAcceptedDomain. Currently, you can check the status of your Accepted Domains with the Get-IPv6StatusForAcceptedDomain command. While some customers have already enabled IPv6, most will see it as disabled until October 16th. After October 16, once IPv6 is enabled for your tenant, if you haven't explicitly set the IPv6 status for your Accepted Domains, the Get-IPv6StatusForAcceptedDomain command will reflect the new default behavior (enabled). IMPORTANT: To ensure your preferred settings are applied, please use the Enable-IPv6ForAcceptedDomain or Disable-IPv6ForAcceptedDomain commands before October 16th, after which IPv6 will be enabled by default if you haven't explicitly set it.

More Information

Starting October 16, 2024, we're gradually enabling IPv6 for all customer Accepted Domains that use Exchange Online for inbound mail. Microsoft is modernizing Exchange Online so our customers can easily meet their local regulations as well as benefit from the enhanced security and performance offered by IPv6.

When this will happen:

October 16, 2024 (previously October 1, 2024)

How this will affect your organization:

After we enable IPv6 for your Accepted Domains, when someone tries to send an email to one of your users and queries the MX record for the domain, they will receive both IPv4 and IPv6 addresses (AAAA records) in response to their MX record query.

What you need to do to prepare:

To take advantage of IPv6 connectivity, please make sure that you and your partner's update network allow-lists to allow Exchange Online IPv6 endpoints in the same way it allow-lists IPv4.

To opt a domain out of inbound IPv6 so traffic flowing to the domain remains IPv4-only, please use Disable-IPv6ForAcceptedDomain -Domain for each domain you want to opt out of IPv6 (Disable-IPv6ForAcceptedDomain (ExchangePowerShell).

IPv6 enablement may impact the source IP type used by Senders when connecting to Exchange Online, as the source and destination IP versions must match. For any IP Address-based Inbound connectors in Exchange Online that are referencing IPv4 addresses, you need to either:

Keep the sending server as IPv4.
- Coordinate with the Sender so the Sender keeps connecting to your domain(s) via IPv4 or Opt your domain(s) out of IPv6
Change the IP based connector to certificate domain based connector.
- This applies to both OnPremises type (From: Your organization's email server, To: Office 365) and Partner Type connectors (From: Partner organization, To: Office 365).

Update: If you are using any Exchange Transport Rules or Data Loss Prevention policies which rely on the SenderIPRanges predicate, you need to opt out all your domains from IPv6.

You can manage IPv6 for your Exchange Online Accepted Domains using the commands Enable-IPv6ForAcceptedDomain or Disable-IPv6ForAcceptedDomain.

Currently, you can check the status of your Accepted Domains with the Get-IPv6StatusForAcceptedDomain command. While some customers have already enabled IPv6, most will see it as disabled until October 16th.

After October 16, once IPv6 is enabled for your tenant, if you haven't explicitly set the IPv6 status for your Accepted Domains, the Get-IPv6StatusForAcceptedDomain command will reflect the new default behavior (enabled).

IMPORTANT: To ensure your preferred settings are applied, please use the Enable-IPv6ForAcceptedDomain or Disable-IPv6ForAcceptedDomain commands before October 16th, after which IPv6 will be enabled by default if you haven't explicitly set it.

Top News

MC878427: Restricted Content Discoverability for SharePoint Sites

MC761227: Microsoft Teams Phone devices: Advanced calling and contact management on non-touch phones

MC721853: Microsoft New feedback button

MC891238: Microsoft SharePoint and Microsoft Teams: Update on new Microsoft Lists rollout

MC797119: A new Start experience

MC888034: Accept Apple's new terms and conditions to ensure Intune can communicate with Apple as expected

Removing the Default Exchange Server Database: A Step-by-Step Guide

Create and Manage Exchange Groups

Creating a Mailbox in Exchange Server 2013 Using PowerShell

MC888036: Prevent/Fix: PnP PowerShell authentication failures

MC835648: Announcing IPv6 Enablement for Accepted Domains

When this will happen:

How this will affect your organization:

What you need to do to prepare:

Contact Form

Top News

MC835648: Announcing IPv6 Enablement for Accepted Domains

When this will happen:

How this will affect your organization:

What you need to do to prepare:

You Might Like

Contact Form