You can't possibly deny the request.
Everyone using the NPS extension must be synced to Azure AD using Azure AD Connect, and must be registered for MFA. When you install the extension, you need the Tenant ID and admin credentials for your Azure AD tenant.
When a request comes in from an IP address that exists in the IP_WHITELIST, two-step verification is skipped. The IP list is compared to the IP address that is provided in the ratNASIPAddress attribute of the RADIUS request. If a RADIUS request comes in without the ratNASIPAddress attribute, a warning is logged: "IP_WHITE_LIST_WARNING::IP Whitelist is being ignored as the source IP is missing in the RADIUS request NasIpAddress attribute."
Hope this resolves your query!
--If the reply is helpful, please Upvote and Accept it as an answer--
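
The whitelist behaviour described in the answer above, modelled as an added example; it is not part of the original answer and not the NPS extension's own code. The `RadiusRequest` class, the function names and the sample addresses are constructed for illustration, and the model assumes exact-address matching against a list of single IPs.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

WARNING = "IP_WHITE_LIST_WARNING"  # warning name quoted in the answer


@dataclass
class RadiusRequest:  # hypothetical container, not an NPS type
    user: str
    packet_source: str             # address the RADIUS packet arrived from
    nas_ip_address: Optional[str]  # ratNASIPAddress attribute, None if absent


def parse_whitelist(entries):
    """Normalize entries; a malformed address raises ValueError instead of
    silently never matching."""
    return {ipaddress.ip_address(e.strip()) for e in entries if e.strip()}


def decide(request, whitelist):
    """Return (mfa_required, warning) per the behaviour the answer describes."""
    if request.nas_ip_address is None:
        # Attribute missing: the whitelist is ignored and a warning is logged,
        # even when the packet itself came from a whitelisted address.
        return True, WARNING
    if ipaddress.ip_address(request.nas_ip_address) in whitelist:
        return False, None  # two-step verification is skipped
    return True, None


def audit(requests, whitelist_entries):
    """Map each user to the decision their request would receive."""
    whitelist = parse_whitelist(whitelist_entries)
    return {r.user: decide(r, whitelist) for r in requests}


# Constructed sample data (RFC 1918 addresses, not from the page)
SAMPLE_WHITELIST = ["10.0.0.5", " 10.0.0.6 "]
SAMPLE_REQUESTS = [
    RadiusRequest("alice", "10.0.0.5", "10.0.0.5"),   # attribute whitelisted
    RadiusRequest("bob", "10.0.0.5", None),           # attribute missing
    RadiusRequest("carol", "10.0.0.5", "10.0.0.99"),  # attribute not listed
]

if __name__ == "__main__":
    for user, (mfa, warning) in audit(SAMPLE_REQUESTS, SAMPLE_WHITELIST).items():
        print(f"{user}: mfa_required={mfa} warning={warning}")
```

The `bob` and `carol` rows show that the packet's source address plays no part in the decision: only the attribute value is compared, so a RADIUS client that omits it never gets the bypass.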