Challenged for Second Factor despite WAN IP marked as Trusted Named Location
Hi,
I have been experimenting with conditional access policies, with the end goal being pushing clients I manage to using 2nd factor, but not requiring that second factor if, for instance, signing in from the work office (or other trusted location).
So far in my testing I have added 3 IpRange CidrAddress to a single policy using New-AzureADMSNamedLocationPolicy and also set IsTrusted to $true.
I can see this configuration reflected in: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/NamedNetworksV2
When I sign in on a multi factor enabled account from one of these IpRange, I am still prompted for a second factor.
Are there additional steps required to allow single factor sign in from trusted named locations?
Thanks,
Brad
- Thijs Lecomte, Bronze Contributor: Have you checked the sign-in logs for a sign-in and then checked the 'Conditional Access' tab? Then check the policy details (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/troubleshoot-conditional-access#policy-details).
Here you can see which policy was assigned and why.
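
Added example, not part of the original thread: a PowerShell check to run alongside the sign-in log review suggested above. It reports which named locations contain the IP address recorded on the sign-in and which location conditions the enabled MFA policies carry. It assumes the AzureAD module and an existing Connect-AzureAD session; $SignInIp is a constructed placeholder and Test-IPv4InCidr is a hypothetical helper.

```powershell
# Added example. Assumes: AzureAD module loaded, Connect-AzureAD already run.
# Constructed placeholder: replace with the IP address shown on the sign-in log entry.
$SignInIp = '203.0.113.10'

function Test-IPv4InCidr {
    # Hypothetical helper: returns $true when an IPv4 address lies inside a CIDR range.
    param([string]$Ip, [string]$Cidr)
    $net, $len = $Cidr -split '/'
    $ipObj  = [System.Net.IPAddress]::Parse($Ip)
    $netObj = [System.Net.IPAddress]::Parse($net)
    # A sign-in that arrived over IPv6 can never match an IPv4 range.
    if ($ipObj.AddressFamily -ne 'InterNetwork' -or
        $netObj.AddressFamily -ne 'InterNetwork') { return $false }
    $a = $ipObj.GetAddressBytes();  [array]::Reverse($a)
    $b = $netObj.GetAddressBytes(); [array]::Reverse($b)
    $ipInt  = [uint64][BitConverter]::ToUInt32($a, 0)
    $netInt = [uint64][BitConverter]::ToUInt32($b, 0)
    $all    = [uint64]4294967295   # 32 one-bits, written in decimal to avoid a signed hex literal
    $mask   = ($all -shl (32 - [int]$len)) -band $all
    return (($ipInt -band $mask) -eq ($netInt -band $mask))
}

# 1. Which named locations contain the sign-in IP, and are they marked trusted?
$matched = foreach ($loc in Get-AzureADMSNamedLocationPolicy) {
    foreach ($range in $loc.IpRanges) {
        if (Test-IPv4InCidr -Ip $SignInIp -Cidr $range.CidrAddress) {
            [pscustomobject]@{
                Id        = $loc.Id
                Name      = $loc.DisplayName
                IsTrusted = $loc.IsTrusted
                Range     = $range.CidrAddress
            }
        }
    }
}
if ($matched) { $matched | Format-Table -AutoSize }
else { Write-Output "No named location IP range contains $SignInIp" }

# 2. Location conditions on every enabled policy whose grant controls include MFA.
#    Compare the location Ids (or the 'AllTrusted' keyword) with the output of step 1
#    and with the policy details shown on the sign-in log entry.
Get-AzureADMSConditionalAccessPolicy |
    Where-Object { $_.State -eq 'Enabled' -and $_.GrantControls.BuiltInControls -contains 'Mfa' } |
    Select-Object DisplayName,
        @{ n = 'IncludeLocations'; e = { $_.Conditions.Locations.IncludeLocations -join ',' } },
        @{ n = 'ExcludeLocations'; e = { $_.Conditions.Locations.ExcludeLocations -join ',' } } |
    Format-Table -AutoSize
```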