Trusted IPs

One way to ease the burden of using MFA with every login to services like Microsoft 365 is to implement Trusted IPs for a limited set of networks. This feature is available with Azure MFA, which is part of Azure AD Premium P1 and all SKUs of Microsoft 365, including Microsoft 365 Business.

You can read more about Trusted IPs here:

https://docs.microsoft.com/en-gb/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips

To configure Trusted IPs in your environment, visit:

https://account.activedirectory.windowsazure.com/usermanagement/mfasettings.aspx

If you don’t have the appropriate license you will only see:

image

If you have the appropriate license you will see more options like so:

image

In the lower box, enter the IP address range(s) behind which you do not want MFA to be required. Everywhere else, MFA remains enabled and required. Also, don’t forget to check the Skip option above this box.

image

If you also look inside your Conditional Access configuration, you will now find a new Location called MFA Trusted IPs, as shown above. You can use that location in your Conditional Access policies if you wish, which you can read more about here:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition#trusted-ips

In summary, Trusted IPs remove the need to use MFA for the ranges you configure, and they are part of Azure AD Premium P1 or Microsoft 365 licenses. They are a great way to remove the need for MFA for network ranges that you trust. Typically these are the IP ranges inside a business's local network that the business completely manages and controls.
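
Because every address in a trusted range skips MFA, it is worth reviewing the ranges before entering them in the Trusted IPs box. The following check is an added example, not part of the original post: the function name, the /24 breadth threshold and the sample ranges are assumptions for illustration, and private ranges are flagged because a cloud service sees the public address your network egresses from.

```python
import ipaddress

# RFC 1918 private ranges: never what a cloud service sees as the source address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def review_trusted_ranges(ranges, min_prefix=24):
    """Return {entry: [findings]}; an empty list means nothing was flagged.

    min_prefix is an assumed local policy threshold, not a product limit.
    """
    findings, accepted = {}, []
    for raw in ranges:
        try:
            # strict=True rejects entries with host bits set, e.g. 198.51.100.0/16
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError as exc:
            findings[raw] = [f"invalid CIDR: {exc}"]
            continue
        notes = []
        if net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
            notes.append("RFC 1918 private range: use the public egress address instead")
        if net.prefixlen < min_prefix:
            notes.append(f"broad range: {net.num_addresses} addresses would skip MFA")
        for other in accepted:
            if net.version == other.version and net.overlaps(other):
                notes.append(f"overlaps {other}")
        accepted.append(net)
        findings[raw] = notes
    return findings

# Constructed sample input (documentation and private ranges, not real networks).
SAMPLE = [
    "203.0.113.0/24",    # office egress range
    "192.168.1.0/24",    # internal LAN entered by mistake
    "198.51.100.0/16",   # host bits set
    "203.0.113.64/26",   # already covered by the first entry
    "198.51.0.0/16",     # far broader than one site needs
]

if __name__ == "__main__":
    for entry, notes in review_trusted_ranges(SAMPLE).items():
        print(f"{entry:20} {'; '.join(notes) or 'ok'}")
```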
