Forum Discussion

Hawkins_IT's avatar
Hawkins_IT
Copper Contributor
Sep 14, 2021
Solved

Multi-Factor Authentication

We use Multi-Factor Authentication on all our Office 365 emails. However, we have a Xerox copier/printer that we use to scan-to-email, so it has its own email address. When we enable the Multi-Factor...
admin
Authentication
office 365
  • SimBur2365's avatar
    SimBur2365
    Sep 16, 2021

    Hi Hawkins_IT, we use the following approach:
    1. Add the external IP address of the location it send email from to Named Locations.
    2. Create a new policy, assign the account that sends email, set the policy to Block, add a location condition, apply to all locations, then in the exclude tab, select the location you just added for the site.
    3. Now you can safely exclude the account from the MFA policy, knowing that it can only sign in from that IP address.

     

    Generally it is a good idea to add any office locations external IP to MFA Trusted IPs and as Named Locations in Conditional Access (excluded from your MFA policy).

SimBur2365's avatar
SimBur2365
Brass Contributor
Sep 16, 2021

Hi Hawkins_IT, we use the following approach:
1. Add the external IP address of the location it send email from to Named Locations.
2. Create a new policy, assign the account that sends email, set the policy to Block, add a location condition, apply to all locations, then in the exclude tab, select the location you just added for the site.
3. Now you can safely exclude the account from the MFA policy, knowing that it can only sign in from that IP address.

 

Generally it is a good idea to add any office locations external IP to MFA Trusted IPs and as Named Locations in Conditional Access (excluded from your MFA policy).

Resources