Outlook Web Access ‘Contacts’ not working

This is a strange and ‘under documented’ issue that causes the ‘People’ feature (aka Contacts) in Outlook Web Access to not work. You are unable to create new contacts nor are you able to view info for existing contacts.

There is a solution and there is a reason but it is buried in a small paragraph here

The culprit, if you have this configured in your Azure AD, is a Conditional Access policy for Location Restrictions.

When Covid-19 hit we pretty quickly decided to start working from home. Working remotely meant that we were now open to external threats so we configured a Conditional Access Policy for Location Restrictions. This policy granted us access to our Office 365 tenancy and everything within it; Data, applications, services etc. using a Named Locations list of our external IP’s.

The result was successful and provided the layer of security we needed. But for some odd reason Outlook Web Access ‘People’ feature was broken. And it was annoying more than anything because everything else worked fine!

So how to fix this? Enter the ‘under-documented’ and ‘somewhat buried’ support article from Microsoft.

Most of the IPv6 traffic that gets proxied to Azure AD comes from Microsoft Exchange Online. When available, Exchange will prefer IPv6 connections. So if you have any Conditional Access policies for Exchange, that have been configured for specific IPv4 ranges, you’ll want to make sure you’ve also added your organizations IPv6 ranges. 

You need to add each users external WAN IPv6 address to the trusted IP’s in the Named Locations list. But… you need to use the ‘Preview Named Locations’ page to do this. Very important, else you won’t have the capability.

Once you have added each users external WAN IPv6 address the issue will immediately be resolved!