This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 92%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Certainly! Here's a refined version of your message:
Hello everyone,
I'm trying to set up a conditional access policy to allow a specific account to access Office 365 without requiring MFA when using an Azure VM. However, the policy isn't working as expected. Here's what I've done:
Despite these steps, MFA is still required when accessing Office 365 from the VM. Could anyone advise why the policy isn't taking effect as intended?
Check the Azure Sign in logs. Does it show the policy being applied and if not, see why
Hi,
So here are the screenshots for more info:
Can you confirm how it should look as I have excluded the locations I want it not to require MFA within this policy, this same policy works for onprem IPs / devices but stuck why its not working with this VM in azure since I have got in the correct IP range which is also Matched by this policy?
Hi,
So here are the screenshots for more info:
Can you confirm how it should look as I have excluded the locations I want it not to require MFA within this policy, this same policy works for onprem IPs / devices but stuck why its not working with this VM in azure since I have got in the correct IP range which is also Matched by this policy?
IT shouldnt be matching the location if its excluded from MFA
If you look in the sign in logs does the location show correctly.
IOW, if the user should be excluded from the policy, the policy should not be applied.
Hi Andy, I have found the issue the Public ip keeps changing for the VM, I have removed the Public IP for this VM so it shouldnt have one? Any ideas what I need to do / where to look for what IP range to exclude?