Forum Discussion
kidtrebor
Mar 23, 2022Copper Contributor
Azure MFA (through Conditional Access) with MFA Trusted IPs - Expected Behaviour?
Hi there, I've recently enabled MFA within my organisation, but excluded the MFA Trusted IP ranges, that excludes both the private IP subnets on the local network and the public IP of the org. S...
rahuljindal-MVP
Bronze Contributor
Have you checked if MFA is triggered by a CA policy? I normally look under sign-in logs. Do you have Identity protection policies configured by any chance? I recently blogged about it that may help here.https://rahuljindalmyit.blogspot.com/2022/03/using-conditional-access-to-enable.html
joeyvldn
Mar 27, 2022Brass Contributor
How is the windows sign in done? WHfB? To my opinion this is expected behavior in a inprivate mode.
Can you check the Azure AD sign-in logs in the CA tab?
I would never exclude corporate offices/subnets from MFA. I would always require MFA for all sign-ins. Try to migrate to Windows Hello for Business to make sign-ins protected by MFA and bring SSO to the next level.
Can you check the Azure AD sign-in logs in the CA tab?
I would never exclude corporate offices/subnets from MFA. I would always require MFA for all sign-ins. Try to migrate to Windows Hello for Business to make sign-ins protected by MFA and bring SSO to the next level.