Challenged for Second Factor despite WAN IP marked as Trusted Named Location


Hi,

 

I have been experimenting with conditional access policies, with the end goal being pushing clients I manage to using a 2nd factor, but not requiring that second factor if, for instance, signing in from the work office (or other trusted location).

 

So far in my testing I have added 3 IpRange CidrAddress to a single policy using New-AzureADMSNamedLocationPolicy and also set IsTrusted to $true.

 

I can see this configuration reflected in: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/NamedNetworksV2

 

When I sign in on a multi-factor enabled account from one of these IpRange, I am still prompted for a second factor.

 

Are there additional steps required to allow single factor sign in from trusted named locations?

 

Thanks,

 

Brad

1 Reply
Have you checked the sign-in logs for a sign-in and then checked the 'Conditional Access' tab? Then check the policy details (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/troubleshoot-conditional-...)
Here you can see which policy was assigned and why.
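
The check suggested in the reply can also be run against a sign-in record exported as JSON. The following is an added example, not part of the thread or of any Microsoft tooling: it tests whether the sign-in's source IP falls inside the trusted CIDR ranges and lists the Conditional Access policies that enforced MFA. The field names are assumed to follow the Microsoft Graph `signIn` resource; the CIDR ranges, policy names and the record itself are constructed.

```python
import ipaddress
import json

# Constructed: documentation-range CIDRs standing in for the trusted named location.
TRUSTED_CIDRS = ["203.0.113.0/24", "198.51.100.16/28"]

# Constructed sign-in record; field names assumed to match the Graph signIn resource.
SAMPLE_SIGNIN = json.loads("""
{"userPrincipalName": "user@example.com", "ipAddress": "203.0.113.25",
 "appliedConditionalAccessPolicies": [
   {"displayName": "Require MFA for all users", "result": "success",
    "enforcedGrantControls": ["Mfa"]},
   {"displayName": "Block legacy authentication", "result": "notApplied",
    "enforcedGrantControls": ["Block"]}]}
""")


def ip_in_trusted(ip, cidrs):
    """True if the sign-in IP falls inside any trusted CIDR range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def mfa_policies(signin):
    """Names of policies that were actually applied and enforced an MFA grant control."""
    names = []
    for policy in signin.get("appliedConditionalAccessPolicies", []):
        applied = policy.get("result") in ("success", "failure")
        controls = [c.lower() for c in policy.get("enforcedGrantControls", [])]
        if applied and "mfa" in controls:
            names.append(policy["displayName"])
    return names


def triage(signin, cidrs):
    """Summarise why a second factor was (or was not) demanded for this sign-in."""
    trusted = ip_in_trusted(signin["ipAddress"], cidrs)
    policies = mfa_policies(signin)
    if not trusted:
        verdict = "ip-outside-trusted-ranges"
    elif policies:
        verdict = "policy-requires-mfa-from-trusted-ip"
    else:
        verdict = "no-ca-policy-enforced-mfa"
    return {"trusted_ip": trusted, "mfa_policies": policies, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_SIGNIN, TRUSTED_CIDRS))
```

A `policy-requires-mfa-from-trusted-ip` verdict points at the named policies' location conditions; `ip-outside-trusted-ranges` means the address the service saw is not the one that was configured.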