What is MFA?
Multi-factor authentication (MFA) is a method of authentication that requires the use of more than one verification method and adds a second layer of security to user sign-ins and transactions. You can choose the following verification methods:
- A randomly generated pass code (Microsoft Authenticator App or SMS)
- A phone call
- A smart card (virtual or physical)
- A biometric device
When you don’t use MFA, but want to enable this. Follow this guide (Microsoft).
Create Trusted Locations
Go to https://aad.portal.azure.com and click “Azure Active Directory”
When you scroll down to the Security topic you click “Conditional Access”
After this click further to “Named Locations”
Click “New” and create your exclusion. In the example below i’ve used a internal range, normally you use your external one over here.
After you created your locations, you will need to click “Configure MFA trusted IPs”, clicking this link will open a new page.
On this new page you can mark “Skip multi-factor authentication for requests from federated users on my intranet”
Fill in your subnet(s).
Click the “Save” button and you are done!