Forum Discussion
Skip multi-factor authentication IP whitelist
Hello, We are currently testing out Azure MFA, but want to skip requests when the users is on our corporate network. I have the "Skip multi-factor authentication for requests from following range o...
Hi All,
Is there a way around for this? 50 subnets is not enough. Can anyone please confirm if Microsoft support has a way around this?
Thanks,
Olson
I don't think that this is right. According to the document linked above ...
you can create a named location with 1200 ip ranges, and then mark it as trusted. Then you can use this in an exclude on a CA policy that mandates the use of MFA.
All that said, if you have AAD P2 the AzureAD Identity Protection feature is better, it learns the patterns of users and determines login risk, use it to only requireMFA when the risk is medium or above and your users will be unlikely to eer see a prompt, but rogue login attempt will be thwarted.
