Hi @Robert Frost ,
Based on your description, I understand that you are looking to exclude certain IP ranges from requiring multi-factor authentication when accessing a third-party LDAP service.
To achieve this, you can add configure multifactor authentication trusted IPs/Named Locations to exclude certain locations from MFA.
Then, if you have an MFA policy that is requiring MFA, you can ensure that the LDAP service is excluded from the policy under Cloud apps or actions > exclude , and the IP ranges can be excluded under Conditions > Locations > Exclude. Then you would go to Access Controls > Grant Access > Require multifactor authentication to ensure that the MFA is required for everyone else.
Let me know if this helps and if you have further questions. I'm happy to discuss this in more detail.
If the information helped you, please Accept the answer. This will help us as well as others in the communtiy who may be researching similar issues.