So there are three MFA settings. Disabled, Enabled and enforced. Enabled is set and then the user can authenticate using only name and password at which point they have to enroll in the MFA process.
We have 100% requirement that all users have MFA enabled. Unfortunately some of them don't complete this process because they never check email outside the company.
Is there a setting that I can disable authentication from ALL users that have disabled, or enabled, set for MFA UNLESS the request comes from an IP that is on the trusted IP list. This will ensure that no authentication requests are accepted from OUTSIDE the corporate network that are for users that do not have MFA enforced meaning they have completed the enrollment process.
Thanks John