Using conditional access to not require MFA inside your trusted Named Locations


This guide is useful if you are rolling out OneDrive and Seamless Single Sign On via GPO. Microsoft do not support MFA/2FA with OneDrive and Seamless Single Sign On via GPO, which causes the SSSO to fail and OneDrive to never log in. However, following the steps below ensures that users are kept secure with MFA but are also allowed to SSSO inside the trusted Named Locations you specify.

Log in to Azure Active Directory as a Global Administrator


Scroll down the left panel and select Security


Select Named Locations


Click New Location


Enter a Site Name and the Public IP range of the site you wish to exclude from MFA. You can find this here.


Click Conditional Access in the left panel


Click on your existing MFA Policy. If you don't already have one, follow this guide to create one.


Click Conditions. (If this option is greyed out, this will be due to licensing. This feature requires a minimum of Azure P1.)


Expand Conditions, select Exclude, and select the locations you wish to exclude.


Now when users log in to 365 from inside the Named Location, they will not be prompted for 2FA.
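
A pre-flight check for the range entered in the New Location step, as an added example that is not part of the original guide: it rejects private or overly broad ranges before they are excluded from MFA and builds the request body for Microsoft Graph's ipNamedLocation resource. The prefix-length thresholds, the function names, the site name and the sample addresses are assumptions made for this example.

```python
import ipaddress
import json

# Ranges that never appear as a sign-in source: internal clients reach
# Azure AD from the site's public egress address, so these would not match.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]
# Assumption for this example: broadest prefix accepted for a single site.
MIN_PREFIX = {4: 24, 6: 48}


def check_range(cidr):
    """Return the problems found with a CIDR destined for an MFA exclusion."""
    try:
        # strict=True rejects host addresses written with a network mask.
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    problems = []
    if any(net.overlaps(n) for n in NON_PUBLIC if n.version == net.version):
        problems.append("not a public range")
    if net.prefixlen < MIN_PREFIX[net.version]:
        problems.append(f"broader than /{MIN_PREFIX[net.version]}")
    return problems


def named_location_body(site_name, cidrs, trusted=False):
    """Build the Microsoft Graph ipNamedLocation body, refusing bad ranges."""
    rejected = {c: p for c in cidrs if (p := check_range(c))}
    if rejected:
        raise ValueError(f"refusing to exclude from MFA: {rejected}")
    ranges = []
    for c in cidrs:
        net = ipaddress.ip_network(c)
        kind = "iPv4CidrRange" if net.version == 4 else "iPv6CidrRange"
        ranges.append({"@odata.type": f"#microsoft.graph.{kind}",
                       "cidrAddress": str(net)})
    return {"@odata.type": "#microsoft.graph.ipNamedLocation",
            "displayName": site_name, "isTrusted": trusted,
            "ipRanges": ranges}


if __name__ == "__main__":
    # Constructed sample: 203.0.113.0/24 is a documentation range.
    body = named_location_body("Head Office", ["203.0.113.0/24"])
    print(json.dumps(body, indent=2))
```

The returned dictionary is the JSON body for a POST to Microsoft Graph's /identity/conditionalAccess/namedLocations endpoint, the API equivalent of the New Location form.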
