SOLVED

Override MFA trusted IP for some users

Copper Contributor

Hi,

I have set up MFA trusted IPs for our internal IPs to avoid MFA when logging in from internal networks. This works fine, but for some users I want MFA even when accessing Azure from internal networks; typically I always want MFA for users with admin roles in Azure. How can this be done?

 

Best regards,

Thor-Egil 

3 Replies
best response confirmed by Thor-Egil Ekeli (Copper Contributor)
Solution

If you can afford Azure AD Premium P2 licenses for your admins, then Privileged Identity Management is your best option:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-privileged-identity-managem...

 

Thank you for your response! This seems to be a good solution. So it is not possible to "ignore" the trusted IP functionality for a group of users?

I'm not aware of an Azure MFA setting to achieve your goal. You can also use Azure AD Conditional Access but, again, this comes with a Premium license:
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-po...