Greetings everyone, in today’s article we will cover how to skip MFA for intranet users in Office 365, this can be achieved if you have or not a federated domain environment (ADFS).
We will not cover “Conditional Access” from AAD Premium suite in this article, but be aware this can be done through there too.
1- Lets make sure the required option is enabled in the MFA portal, select the option “Skip multi-factor authentication for requests from federated users on my intranet”:
2- The next step is to create or verify if the rule “Inside Corporate Network” is created for your O365 relaying party trust on your ADFS server.
On the RP properties click on “Add Rule” if the rule does not exist:
On the Add Transform Claim Rule Wizard, select “Pass Through or Filter an Incoming Claim” from the drop-down and click Next:
Name your rule and from the drop-down, next to “Incoming claim type”, select “Inside Corporate Network”:
Click “Finish” and “Ok” on the next page.
3- Teste internally if the MFA will be skipped now.
4- If you don’t have a federated environment, you can add the company list of public IP into the field of “Skip multi-factor authentication for requests from following range of IP address subnets” of image in step 1.
Hope this clarifies how you can simply achieve this goal. Cheers!!!