Jun 05 2018
- last edited on
Jul 27 2020
I’m playing around with conditional access policies to allow admins or service accounts to sign in without MFA on corpnet. To accomplish that I added an IP range in the MFA trusted IPs list.
I then tried to create a CA policy that excludes the MFA trusted IPs list but sign ins still require MFA.
However if I create a Named location and add the same IP range and the use that named location in my exclude policy, sign-ins without MFA works fine.
I've tried this in multiple tenants, without luck. No ADFS, cloud-only accounts with E3 + P2 trial.
Anyone got this to work?
Jun 06 2018 10:19 AM
Adding the range to Trusted IPs in the MFA portal should work, and has been working for me for years now. Then again, we are slowly moving to the point when Microsoft will ditch the old MFA portal and bring all the settings in the Azure blade, so simply using the named location is a better solution (and one that does work in your case).