Unable to use MFA trusted IPs in an exclude location policy

Douglas Hamilton
Occasional Contributor

Hi,
I’m playing around with conditional access policies to allow admins or service accounts to sign in without MFA on corpnet. To accomplish that I added an IP range in the MFA trusted IPs list.

I then tried to create a CA policy that excludes the MFA trusted IPs list, but sign-ins still require MFA.

However, if I create a Named location and add the same IP range and then use that named location in my exclude policy, sign-ins without MFA work fine.

I've tried this in multiple tenants, without luck. No ADFS, cloud-only accounts with E3 + P2 trial.
Anyone got this to work?


1 Reply

Adding the range to Trusted IPs in the MFA portal should work, and has been working for me for years now. Then again, we are slowly moving to the point when Microsoft will ditch the old MFA portal and bring all the settings in the Azure blade, so simply using the named location is a better solution (and one that does work in your case).
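
The named-location setup that both posts describe as working, written as an added example with the Microsoft Graph PowerShell SDK (not code from this thread). The IP range and display names are placeholders, and the policy is created in report-only mode so its effect can be checked in the sign-in logs before it is enforced.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell SDK is installed and the
# signed-in account is allowed to manage Conditional Access.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Named location holding the corporate egress range.
# 203.0.113.0/24 is a documentation range used as a placeholder.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Corpnet egress (example)'
    isTrusted     = $true
    ipRanges      = @(
        @{
            '@odata.type' = '#microsoft.graph.iPv4CidrRange'
            cidrAddress   = '203.0.113.0/24'
        }
    )
}

# Require MFA from any location except the named location created above.
# Report-only state: the result is logged per sign-in but nothing is enforced yet.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = 'Require MFA outside corpnet (example)'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{ includeUsers = @('All') }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
        locations      = @{
            includeLocations = @('All')
            excludeLocations = @($location.Id)
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

# Show what was created so the exclusion can be verified.
$policy | Select-Object Id, DisplayName, State
$policy.Conditions.Locations | Select-Object IncludeLocations, ExcludeLocations
```

The range must be the public address the sign-in arrives from (the NAT or proxy egress), since that is what the service sees, not the internal client address.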
