We have ADFS 4.0 and MFA Server and on ADFS side configured Access Control Policies and assigned to Office 365 Relying Party. I need to configure the following policy, when user belongs to security group "External with MFA" and client IP address 172.29.X.X bypass MFA, all others authentication requests to Office 365 for this users require MFA. I've configured Access Control Policy as on picture but it's not working, always require second factor. Is anybody have had such cases any ideas are welcomed. Thank you!