SOLVED

Skip MFA for a single public IP

Copper Contributor

I want to skip MFA from one of our Remote App servers on our network. I will create a NAT for all inbound and outbound traffic for the Remote App server to use a specific public IP address. I have added the public IP address with /32 subnet in the multi-factor authentication service settings. Do I also need to setup a conditional access policy to bypass anything in this trusted ip section?

1 Reply
best response confirmed by MagicMarker (Copper Contributor)
Solution

Generally you can complete this within the CA policy, its one of the conditions.

You can either specify a Named Location or just use the MFA Trusted IP list.

Also, would suggest configuring locations.

 

CA Policy -> Conditions -> Locations -> Configure "Yes" -> Include "Selected Locations"/Trusted Locations"

Depending on licensing requirements and capabilities, if Azure P1 is accessible, would suggest going down the path of Azure MFA opposed to the so called O365 MFA.

1 best response

Accepted Solutions
best response confirmed by MagicMarker (Copper Contributor)
Solution

Generally you can complete this within the CA policy, its one of the conditions.

You can either specify a Named Location or just use the MFA Trusted IP list.

Also, would suggest configuring locations.

 

CA Policy -> Conditions -> Locations -> Configure "Yes" -> Include "Selected Locations"/Trusted Locations"

Depending on licensing requirements and capabilities, if Azure P1 is accessible, would suggest going down the path of Azure MFA opposed to the so called O365 MFA.

View solution in original post