This guide is useful as if you are rolling out OneDrive and Seamless Single Sign On via GPO, Microsoft do not support MFA/2FA with OneDrive and Seamless Single Sign On via GPO which causes the SSSO to fail and OneDrive to never login. However following the below steps can ensure that users are kept secure with MFA but also are allowed to SSSO inside the trusted names locations you specify.
Login to Azure Active Directory as a Global Administrator
Scroll down the left panel and select Security
Select Names Locations
Click New Location
Enter a Site Name and the Public IP range of the site you wish to exclude from MFA, you can find this here
Click Conditional Access in the left panel
Click on your existing MFA Policy, If you dont already have one, follow this guide to create one.
Click Conditions (If you do not have this option and it is greyed out this will be due to licensing, This feature required a minimum of Azure P1)
Expand out Conditions as below, select Exclude and select the locations you wish to exclude.
Now when users login to 365 inside the Named location they will not be prompted for 2FA.