How to exclude an IPv6 address from the MFA request

Massimo Mugnone 1 Reputation point


I have a new VM server on Azure on which an application is developed.

This application requires authentication on Azure AD.

On our Azure AD the MFA is configured with its IPv4 exceptions and this all works correctly.

Now, the problem is, the new server I mentioned at the beginning shows up with an IPv6 and then asks for the MFA failing to authenticate.

Googling a bit I read that you have to go through the "Conditional Access" configuration but I can't understand the logic and I did some tests

without success.

Can anyone help me set it up correctly?

thank you


Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,261 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,802 questions
{count} votes

3 answers

Sort by: Most helpful
  1. risolis 8,701 Reputation points

    Hello @Massimo Mugnone

    Are you talking about the following statement?

    "Trusted IPs allow administrators to by-pass two-step verification for specific IP addresses, or for federated users that have requests originating from within their own intranet. The following sections describe how to configure Azure AD Multi-Factor Authentication Trusted IPs with federated users and by-pass two-step verification when a request originates from within a federated users intranet. This is achieved by configuring AD FS to use a pass-through or filter an incoming claim template with the Inside Corporate Network claim type"


    1 person found this answer helpful.

  2. risolis 8,701 Reputation points

    @Massimo Mugnone

    Let me know if that works as an answer to your concern.


    0 comments No comments

  3. Alex Grey 1 Reputation point

    Hello! I was also looking for the same thing. Thanks!