Skip MFA for a single public IP

Occasional Contributor

I want to skip MFA from one of our Remote App servers on our network. I will create a NAT for all inbound and outbound traffic for the Remote App server to use a specific public IP address. I have added the public IP address with /32 subnet in the multi-factor authentication service settings. Do I also need to setup a conditional access policy to bypass anything in this trusted ip section?

1 Reply
best response confirmed by MagicMarker (Occasional Contributor)

Generally you can complete this within the CA policy, its one of the conditions.

You can either specify a Named Location or just use the MFA Trusted IP list.

Also, would suggest configuring locations.


CA Policy -> Conditions -> Locations -> Configure "Yes" -> Include "Selected Locations"/Trusted Locations"

Depending on licensing requirements and capabilities, if Azure P1 is accessible, would suggest going down the path of Azure MFA opposed to the so called O365 MFA.