PaulCollinge Re: TonyJ25
How do we separate the authentication traffic from the general traffic in order to obtain the authentication token from the internal IPs? Are authentications going over specific ports? Which are they?
Our Conditional Access rule is set with token expiration of 1 hour when off the corporate network. If the primary traffic is coming from the user's home local IP, I suspect even with split tunneling for authentication traffic, since general traffic is coming over the user's local IP, it will trigger more frequent authentication interruptions (WAM popups/white screen). Am I wrong?
Finally, how about Conditional Access rules for IPv6? There are none available, and we have users whose ISPs use IPv6 and no IPv4 addresses. Our VPN will issue them both IPv6 and IPv4 for the internal network, but there are inherent issues with this approach when we cannot configure our corporate IPv6 range in the Conditional Access rules. Authentications fail over internal IPv6 addresses, which could pose issues if split tunnel defers to the internal IPv6 for authentication.
Thanks for the guidance!