Forum Discussion
MFA via app on Sharepoint Online
Hey Erik Lundgren,
If you have ADFS set up locally, you could do the equivalent of conditional access policies you see in Azure AD through the ADFS server that would force MFA. You would just need to set up the proper claims rules through ADFS to get this accomplished.
With that said, it is much more nuanced and, in my opinion, a bit more complicated to do this than what Azure AD allows you to do through a few GUI-based steps.
Ultimately though, YES, you can do what you are asking, but you need ADFS and someone who understands the claims rule setup enough to be able to properly configure one to require MFA for SharePoint based on IP address.
At my old job, we in essence had the reverse, where we allowed IMAP connections and therefore ignored modern auth for users coming from our local offices, as our Linux technicians were still running an old version of Thunderbird for their email and couldn't do modern auth.
Personally, with my clients I normally just do the Azure AD conditional access for that, as it is much easier, but I can completely understand not wanting to switch from a current setup. - https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/the-role-of-claim-rules
Good luck!
Adam
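
An added example, not part of Adam's post: a sketch of the kind of AD FS additional authentication rule the reply describes, requiring MFA for extranet requests whose forwarded client IP is outside an office range. The trust name (the default one created for Office 365 federation) and the 203.0.113.0/24 documentation range are assumptions, and an MFA provider must already be enabled in AD FS.

```powershell
# Added illustration; the trust name and the IP range are assumptions, adjust to your farm.
$trustName = 'Microsoft Office 365 Identity Platform'   # assumed default Office 365 trust name

# Record the rules currently in place before changing anything, so they can be restored.
$before = (Get-AdfsRelyingPartyTrust -Name $trustName).AdditionalAuthenticationRules
$before | Out-File -FilePath .\additional-auth-rules.backup.txt

# Claim rule: if the request came from outside the corporate network AND no forwarded
# client IP matches the office range, demand multi-factor authentication.
# 203.0.113.0/24 is a documentation range used here as a placeholder for the office egress IPs.
$rule = @'
exists([Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"])
 && NOT exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip",
                Value =~ "\b203\.0\.113\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\b"])
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
          Value = "http://schemas.microsoft.com/claims/multipleauthn");
'@

# Note: the rule applies to every token issued for this trust, so with the single
# Office 365 trust it covers the other Office 365 workloads as well as SharePoint Online.
Set-AdfsRelyingPartyTrust -TargetName $trustName -AdditionalAuthenticationRules $rule

# Confirm what is now configured.
(Get-AdfsRelyingPartyTrust -Name $trustName).AdditionalAuthenticationRules
```

Test from an address inside and outside the office range before relying on it; a regex that is too loose silently exempts more clients from MFA than intended.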