Forum Discussion

MagicMarker's avatar
MagicMarker
Copper Contributor
May 29, 2020

Skip MFA for a single public IP

I want to skip MFA from one of our Remote App servers on our network. I will create a NAT for all inbound and outbound traffic for the Remote App server to use a specific public IP address. I have added the public IP address with /32 subnet in the multi-factor authentication service settings. Do I also need to setup a conditional access policy to bypass anything in this trusted ip section?

  • Generally you can complete this within the CA policy, its one of the conditions.

    You can either specify a Named Location or just use the MFA Trusted IP list.

    Also, would suggest configuring locations.

     

    CA Policy -> Conditions -> Locations -> Configure "Yes" -> Include "Selected Locations"/Trusted Locations"

    Depending on licensing requirements and capabilities, if Azure P1 is accessible, would suggest going down the path of Azure MFA opposed to the so called O365 MFA.

  • vas_ppabp_90's avatar
    vas_ppabp_90
    Brass Contributor

    Generally you can complete this within the CA policy, its one of the conditions.

    You can either specify a Named Location or just use the MFA Trusted IP list.

    Also, would suggest configuring locations.

     

    CA Policy -> Conditions -> Locations -> Configure "Yes" -> Include "Selected Locations"/Trusted Locations"

    Depending on licensing requirements and capabilities, if Azure P1 is accessible, would suggest going down the path of Azure MFA opposed to the so called O365 MFA.

Resources