Generally you can complete this within the CA policy; it's one of the conditions.
You can either specify a Named Location or just use the MFA Trusted IP list.
Also, would suggest configuring locations.
CA Policy -> Conditions -> Locations -> Configure "Yes" -> Include "Selected Locations"/"Trusted Locations"
Depending on licensing requirements and capabilities, if Azure P1 is accessible, would suggest going down the path of Azure MFA as opposed to the so-called O365 MFA.