cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Home

Only prompt for O365 MFA when on external network (E1 users)

%3CLINGO-SUB%20id%3D%22lingo-sub-1100250%22%20slang%3D%22en-US%22%3EOnly%20prompt%20for%20O365%20MFA%20when%20on%20external%20network%20(E1%20users)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1100250%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20about%201000%20E1%20users%20that%20are%20using%20O365%20MFA.%20We%20dont%20want%20them%20to%20receive%20MFA%20prompts%20when%20in%20office%2C%20only%20when%20on%20an%20external%20network.%20This%20can%20be%20done%20by%20the%20trusted%20IPs%20section%20in%20the%20O365%20portal%20but%20it%20is%20limited%20to%2050%20IP%20ranges%20(why%2050%3F).%20We%20have%20over%20300%20address%20ranges%20that%20we%20want%20to%20add.%20Is%20there%20a%20way%20to%20do%20this%20without%20giving%20the%20users%20EMS%20E3%20licenses%20and%20using%20conditional%20access%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1100250%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMFA%20Azure%20and%20Office%20Admin%20Portal%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1101068%22%20slang%3D%22en-US%22%3ERe%3A%20Only%20prompt%20for%20O365%20MFA%20when%20on%20external%20network%20(E1%20users)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1101068%22%20slang%3D%22en-US%22%3E%3CP%3EHello%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F242309%22%20target%3D%22_blank%22%3E%40Ravindra%20Mathura%3C%2FA%3E%26nbsp%3B!%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3ESadly%20no%2C%20the%20limit%20of%2050%20trusted%20IP%20ranges%20for%20the%20MFA%20part%20is%20not%20possible%20to%20work%20around.%26nbsp%3B%3C%2FP%3E%3CP%3EConditional%20Access%20with%20named%20locations%20is%20the%20way%20to%20go.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20Named%20locations%20you%20can%20use%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3EOne%20named%20location%20with%20up%20to%201200%20IP%20ranges.%3C%2FLI%3E%3CLI%3EA%20maximum%20of%2090%20named%20locations%20with%20one%20IP%20range%20assigned%20to%20each%20of%20them.%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconditional-access%2Flocation-condition%23named-locations%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconditional-access%2Flocation-condition%23named-locations%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESince%20you%20have%20300%20IP%20ranges%2C%20you%20will%20need%20Conditional%20Access%20with%20Named%20Locations.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKind%20RegardsOliwer%20Sj%C3%B6berg%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Ravindra Mathura
Occasional Contributor

‎01-09-2020 02:34 PM

‎01-09-2020 02:34 PM

Only prompt for O365 MFA when on external network (E1 users)

We have about 1000 E1 users that are using O365 MFA. We dont want them to receive MFA prompts when in office, only when on an external network. This can be done by the trusted IPs section in the O365 portal but it is limited to 50 IP ranges (why 50?). We have over 300 address ranges that we want to add. Is there a way to do this without giving the users EMS E3 licenses and using conditional access? 

423 Views
0 Likes
1 Reply
Reply
1 Reply
Highlighted
oliwer_sjoberg

‎01-10-2020 03:07 AM

‎01-10-2020 03:07 AM

Re: Only prompt for O365 MFA when on external network (E1 users)

Hello@Ravindra Mathura ! 

Sadly no, the limit of 50 trusted IP ranges for the MFA part is not possible to work around. 

Conditional Access with named locations is the way to go. 

 

With Named locations you can use 

  • One named location with up to 1200 IP ranges.
  • A maximum of 90 named locations with one IP range assigned to each of them.

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition#named-...

 

Since you have 300 IP ranges, you will need Conditional Access with Named Locations. 

 

Kind Regards
Oliwer Sjöberg

0 Likes
Reply

Related Conversations View all

Excel stops working when Page edited

by BO1LER on June 03, 2020

34 Views 0 Likes
1 Replies

Open with Review Mode only on Word for the Web

by Georges Krinker on June 03, 2020

54 Views 1 Likes
2 Replies

Question for Power Apps

by CrashGear on June 03, 2020

43 Views 0 Likes
0 Replies

How to Cleanup Storage on New O365 Outlook Interface ?

by Mohammed Shahed on June 03, 2020

173 Views 0 Likes
10 Replies

Related Blog Posts View all

A new wave of innovation to help IT modernize servicing of Microsoft 365 Apps for enterprise

by Tara_Roth on May 12, 2020

12162 Views 11 Likes
11 Replies

Update on timing of opt-in Microsoft Search in Bing through Microsoft 365 Apps for enterprise*

by Office_365_Team on May 05, 2020

3368 Views 1 Likes
1 Replies

Configuring Office 365 ProPlus updates for remote workers using VPN

by Dave Guenthner on March 25, 2020

16260 Views 13 Likes
10 Replies

Related Videos View all

One browser for modern and legacy web apps: Deploying Microsoft Edge and Internet Explorer mode

Posted in Microsoft Ignite The Tour 2019 on March 05, 2020