Skip multi-factor authentication IP whitelist
Those are the two ways available currently (here's a reference for others browsing the thread: https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-adfs-cloud). If you are hitting the 50 ranges limit, simply consolidate them in /16 or "bigger" blocks.
I'm not aware of any way to increase the limit, but you can always open a support case and ask.
- MooreSecurity, Jul 03, 2018, Brass Contributor
Is there any way to add a single public IP address instead of a range?
Adding a public IP range would circumvent certain conditional access rules based on trusted locations, and could include an adversary's IP address.
- VasilMichev, Jul 03, 2018, MVP
Simply add a /32 range.
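Added example, not written by anyone in this thread: a Python sketch of the consolidation suggested above that also counts how many addresses end up trusted beyond the ones you listed, which is the risk raised in the question about single IPs. The function names are hypothetical, the sample ranges are constructed from documentation address blocks, and the default limit of 50 is the figure quoted in the thread.

```python
import ipaddress

LIMIT = 50  # trusted-IP range limit quoted in the thread


def common_supernet(a, b):
    """Smallest network that contains both a and b."""
    sup = a
    while not b.subnet_of(sup):
        sup = sup.supernet()
    return sup


def consolidate(cidrs, limit=LIMIT):
    """Return (ranges, extra): at most `limit` CIDR ranges covering every input,
    and the number of addresses trusted beyond what was listed.
    A bare address becomes a /32; a range with host bits set raises ValueError.
    Use one address family per call (mixing IPv4 and IPv6 raises TypeError)."""
    if limit < 1:
        raise ValueError("limit must be at least 1")
    # Lossless step: drop duplicates and contained ranges, join adjacent halves.
    nets = list(ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs))
    wanted = sum(n.num_addresses for n in nets)
    # Lossy step, only while still over the limit: merge the neighbouring
    # pair whose common supernet adds the fewest unlisted addresses.
    while len(nets) > limit:
        best = None
        for i in range(len(nets) - 1):
            sup = common_supernet(nets[i], nets[i + 1])
            cost = sup.num_addresses - nets[i].num_addresses - nets[i + 1].num_addresses
            if best is None or cost < best[0]:
                best = (cost, i, sup)
        _, i, sup = best
        nets[i:i + 2] = [sup]
        nets = list(ipaddress.collapse_addresses(nets))  # supernet may absorb others
    extra = sum(n.num_addresses for n in nets) - wanted
    return [str(n) for n in nets], extra


if __name__ == "__main__":
    # Constructed sample input (RFC 5737 documentation ranges).
    sample = ["192.0.2.0/26", "192.0.2.128/26", "203.0.113.7"]
    ranges, extra = consolidate(sample, limit=2)
    print(ranges, "extra trusted addresses:", extra)
```

A non-zero `extra` means the consolidated list trusts addresses that were never on the original list, so review what sits in that space before saving it as a trusted location.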
- Dphyme76, May 24, 2017, Copper Contributor
Vasil,
Thanks for the response. I am currently looking into Named Locations with Conditional Access in Azure AD. It seems to have a higher limit.
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-named-locations
Limitations - You can define a maximum of 60 named locations with one IP range assigned to each of them. If you have just one named location configured, you can define up to 500 IP ranges for it.
I will update on my findings for anyone else who may be interested.
Thanks
- VasilMichev, May 25, 2017, MVP
But can you actually use them for MFA bypass?
- buttgowher517, Oct 15, 2024, Copper Contributor
VasilMichev I don't have P1 or P2. How can I bypass MFA for a trusted IP?