Prevent Prompt for Azure MFA on On-Premises Network

Solution to Disable Azure MFA Prompt

Question

Your network contains an on-premises Active Directory and an Azure Active Directory (Azure AD) tenant.

You deploy Azure AD Connect and configure pass-through authentication.

Your Azure subscription contains several web apps that are accessed from the Internet.

You plan to use Azure Multi-Factor Authentication (MFA) with the Azure Active Directory tenant.

You need to recommend a solution to prevent users from being prompted for Azure MFA when they access the web apps from the on-premises network.

What should you include in the recommendation?

Answers

A. Azure Policy
B. Trusted IPs
C. A site-to-site VPN between the on-premises network and Azure
D. An Azure ExpressRoute circuit

Correct answer: B

Explanations

The Trusted IPs feature of Azure Multi-Factor Authentication is used by administrators of a managed or federated tenant. The feature bypasses two-step verification for users who sign in from the company intranet. The feature is available with the full version of Azure Multi-Factor Authentication, and not the free version for administrators.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips

To prevent users from being prompted for Azure Multi-Factor Authentication (MFA) when they access the web apps from the on-premises network, register the public IP ranges that the on-premises network uses to reach the Internet as trusted in Azure AD. There are two ways to do this: the legacy Trusted IPs setting in the MFA service settings, or (Microsoft's recommended approach) a named location marked as trusted and referenced by a Conditional Access policy. Both require an Azure AD Premium license; the tenant in this scenario is a managed tenant (pass-through authentication), so the ranges are supplied as IP addresses rather than as federation claims.

Explanation:

When Azure AD evaluates a sign-in, it compares the source IP address of the request with the trusted ranges. If the address matches, Azure AD skips the second factor; the user still authenticates with the primary credential (here, the on-premises password validated through pass-through authentication). The address Azure AD sees is the public address the on-premises network presents to the Internet (the NAT or proxy egress address), so that is the range to register, not the internal RFC 1918 ranges of the LAN.

To configure a trusted named location in Azure AD, follow these steps:

  1. In the Azure portal, navigate to Azure Active Directory > Security > Conditional Access.
  2. Click on Named locations.
  3. Click on New location and choose an IP ranges location.
  4. In the Name field, enter a name for the trusted location.
  5. Select Mark as trusted location.
  6. In the IP ranges field, enter the public egress IP address ranges of the on-premises network in CIDR notation (for example a /32 for a single NAT address).
  7. Click on Create.

Once you have created the trusted location, create a Conditional Access policy that targets the web apps in your subscription: under Users select the users who access the apps, under Cloud apps select the web apps, under Conditions > Locations include Any location and exclude All trusted locations, and under Grant select Require multi-factor authentication. Sign-ins from the trusted ranges then satisfy the policy without a second factor, while sign-ins from anywhere else are prompted. Keep the ranges as narrow as possible: anything that egresses through those addresses (guest Wi-Fi, remote users on the corporate VPN, malware on an on-premises host) is exempt from MFA as well, and the Conditional Access tab of the sign-in logs should be checked after deployment to confirm the policy matches only the intended traffic.
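The same configuration done with the Microsoft Graph PowerShell SDK, as an added example that is not part of the original page. The CIDR ranges, display names and application IDs are placeholders that must be replaced with the real public egress addresses and the app registrations of the web apps; the policy is created in report-only mode so its effect can be checked in the sign-in logs before it is enforced.

```powershell
# Added example (not from the original page): trusted named location + Conditional
# Access policy via the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph).
# Values marked as placeholders are assumptions for illustration only.

# Permissions needed to manage Conditional Access objects
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

# Assumption: these are the PUBLIC egress addresses of the on-premises network (what
# Azure AD sees as the source of the sign-in), not internal RFC 1918 ranges.
# TEST-NET placeholder ranges; keep real ranges as narrow as possible.
$egressRanges = @("203.0.113.0/28", "198.51.100.7/32")

$locationBody = @{
    "@odata.type" = "#microsoft.graph.ipNamedLocation"
    displayName   = "Corporate HQ egress"      # placeholder name
    isTrusted     = $true                      # makes the location count as "trusted"
    ipRanges      = @($egressRanges | ForEach-Object {
        @{ "@odata.type" = "#microsoft.graph.iPv4CidrRange"; cidrAddress = $_ }
    })
}
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter $locationBody

# Application (client) IDs of the web apps' app registrations; placeholder GUIDs.
$webAppIds = @(
    "00000000-0000-0000-0000-000000000001",
    "00000000-0000-0000-0000-000000000002"
)

$policyBody = @{
    displayName = "Require MFA for web apps except from trusted locations"
    # Report-only first: sign-in logs show what the policy WOULD do without enforcing it.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        # Exclude an emergency-access (break-glass) account here before enforcing.
        users        = @{ includeUsers = @("All"); excludeUsers = @() }
        applications = @{ includeApplications = $webAppIds }
        locations    = @{
            includeLocations = @("All")
            excludeLocations = @("AllTrusted")   # every named location with isTrusted = true
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter $policyBody

# Confirm what was created
Get-MgIdentityConditionalAccessNamedLocation -NamedLocationId $location.Id |
    Select-Object DisplayName, Id
$policy | Select-Object DisplayName, State, Id
```

After the policy has been in report-only mode long enough to cover normal working patterns, review the sign-in logs (Conditional Access tab) to confirm that only sign-ins from the registered egress addresses are reported as not requiring MFA, then update the policy state to enabled.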

Answer B: Trusted IPs is the correct answer. It is the only option that changes Azure AD's authentication decision for sign-ins originating from the on-premises network.

Answer A: Azure Policy is used to enforce organizational standards and to assess compliance of Azure resources at scale; it plays no part in Azure AD authentication.

Answer C: A site-to-site VPN between the on-premises network and Azure establishes a secure connection between on-premises resources and resources deployed in Azure. It changes the network path, not the MFA decision: the web apps are accessed from the Internet and Azure AD still evaluates the sign-in.

Answer D: An Azure ExpressRoute circuit creates a private, dedicated connection between on-premises infrastructure and Azure datacenters. Like the VPN, it does not by itself tell Azure AD to skip the second factor; the trusted-location configuration is still required.