0

Hopefully someone as an idea...

In Azure AD, how can we allow MFA setup by a user but only allow that configuration to occur on a trusted network? We have trusted networks defined but everything we have tried does not prevent MFA setup from outside those trusted networks.

For example, if I set MFA to Enabled, then how do we prevent the user from setting it up at home vs forcing setup from the office.

thanks

user210355
  • 1
  • I'm not really sure what you want to achieve here - you want to restrict the origin from where your users can set up MFA? – mhr Jun 18 '19 at 08:57
  • That is correct. We don't want to allow users to set up MFA initially unless they are on a defined trusted network. So if they are off a trusted network and haven't completed the MFA setup then they have no access. If they complete the MFA setup on a trusted network then they are good to go. -- thanks – user210355 Jun 18 '19 at 13:43
  • I've just checked if i remembered that right, but it seems you can restrict access on azure for specific ip ranges - wouldn't this be a way to implement this? block access to the mfa-service from everywhere but your office-ip-range.. https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions – mhr Jul 10 '19 at 16:37

0 Answers0