Skip MFA for intranet users in Office 365
By Cesar Hara and Agustin Gallegos
Greetings everyone, in today’s article we will cover how to skip MFA for intranet users in Office 365, this can be achieved if you have or not a federated domain environment (ADFS).
We will not cover “Conditional Access” from AAD Premium suite in this article, but be aware this can be done through there too.
UPDATE: The "trusted IPs" option is only available for paid subscriptions like AADP, EMS or full MFA, check on this article for more details.
1- Lets make sure the required option is enabled in the MFA portal, select the option “Skip multi-factor authentication for requests from federated users on my intranet”:
2- The next step is to create or verify if the rule “Inside Corporate Network” is created for your O365 relaying party trust on your ADFS server.
Click “Finish” and “Ok” on the next page.
3- Test internally if the MFA will be skipped now.
4- If you don’t have a federated environment, you can add the company list of public IP into the field of “Skip multi-factor authentication for requests from following range of IP address subnets” of image in step 1. This will skip MFA regardless if the user is federated or managed, once the request comes from a whitelisted IP.
Hope this clarifies how you can simply achieve this goal. Cheers!!!