Grant user without MFA on conditional access

Starter 0 Reputation points
2024-06-06T12:46:30.62+00:00

Hi Expert,

Is it possible to grant user when there's authentication from source trusted ip/subnet?

What I need is I want a client who authenticate through NAC on cloud, can skip MFA. Rest of all will be forced to do MFA.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,082 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Andy David - MVP 143.6K Reputation points MVP
    2024-06-06T13:21:08.1833333+00:00

    yes.

    If licensed for Conditional Access, you can use locations to determine if MFA is required:

    https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-all-users-mfa

    or Trusted IPs which is not as granular and not preferred ( CA policies are better!)

    https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-mfasettings#trusted-ips

    0 comments No comments