This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi There,
We have setup a named location in Azure Conditional Access with our organizations IP ranges in CIDR notation format so that users are not prompted for MFA when in the offices.
When looking at the users sign-in information the IP matches what we have in the named location. However when you drill down into the users policy details for our MFA policy the location is displayed as Not Satisfied.
Is there something I am missing with using named locations? We do have the same IP configured under the MFA site multi-factor authentication service settings, trusted IPs but it shouldnt matter if there is a double up correct?
Any help appreciated.
Thanks
I am seeing the same thing too still....for weeks now while testing CA Policies. We have a policy that requires MFA with all locations included and our location excluded, but the matching is not working. When I look at the sign in and into the details of the conditional access policy that was applied upon signing in, it says the IP is "not matched", but it shows the IP that doesn't match, and it is the same IP that is excluded. So, doesn't seem to work in the case....we still get the MFA prompt.
Verify that you have excluded the selected locations (Trusted IP ranges) from the policy. I have attached two picture.
Same here, wanted to move exclusively to Conditional Access Named Location (from MFA Trusted IPs), as per
https://dirteam.com/sander/2020/07/07/todo-move-from-mfa-trusted-ips-to-conditional-access-named-locations/
but it simply does not work, still ask for code even if I am INSIDE the IP range in Named Location
Anybody? Surely I am not the only one...?
Within the same conditional access menu, check that there is no classic policy that generates conflicts.
